Shrink-wrap UnlinkedCodeBlock members.
[WebKit-https.git] / Source / JavaScriptCore / ChangeLog
2013-02-09  Andreas Kling  <akling@apple.com>

        Shrink-wrap UnlinkedCodeBlock members.
        <http://webkit.org/b/109368>

        Reviewed by Oliver Hunt.

        Rearrange the members of UnlinkedCodeBlock to avoid unnecessary padding on 64-bit.
        Knocks ~600 KB off of the Membuster3 peak.

        * bytecode/UnlinkedCodeBlock.cpp:
        (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
        * bytecode/UnlinkedCodeBlock.h:
        (UnlinkedCodeBlock):

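The entry above reports a memory win from nothing more than reordering struct members. The following C program is an added illustration of that effect; it is not JavaScriptCore code and the member names (codeType, constantPool, parameterCount, instructions, variableCount) are constructed for the demonstration, not the real UnlinkedCodeBlock layout. It compares a "before" layout that interleaves byte-sized and pointer-sized members with an "after" layout sorted by decreasing alignment, and computes how many bytes per object are padding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed "before" layout: small and pointer-sized members interleaved,
 * so the compiler must insert alignment padding in front of each pointer.
 * Hypothetical member names; this is not the real UnlinkedCodeBlock. */
struct BeforeLayout {
    uint8_t  codeType;       /* 1 byte, then 7 bytes of padding on LP64 */
    void    *constantPool;   /* pointer: needs 8-byte alignment on LP64 */
    uint16_t parameterCount; /* 2 bytes, then 6 bytes of padding */
    void    *instructions;   /* pointer */
    uint32_t variableCount;  /* 4 bytes, then 4 bytes of tail padding */
};

/* Same members ordered by decreasing alignment: pointers first, then the
 * 4-, 2- and 1-byte fields, so only the tail has to be rounded up. */
struct AfterLayout {
    void    *constantPool;
    void    *instructions;
    uint32_t variableCount;
    uint16_t parameterCount;
    uint8_t  codeType;       /* 23 payload bytes, rounded up to 24 on LP64 */
};

/* The payload is the sum of the member sizes; anything beyond it is padding. */
#define PAYLOAD_BYTES (sizeof(uint8_t) + sizeof(void *) + sizeof(uint16_t) + \
                       sizeof(void *) + sizeof(uint32_t))

size_t before_size(void)    { return sizeof(struct BeforeLayout); }
size_t after_size(void)     { return sizeof(struct AfterLayout); }
size_t before_padding(void) { return sizeof(struct BeforeLayout) - PAYLOAD_BYTES; }
size_t after_padding(void)  { return sizeof(struct AfterLayout) - PAYLOAD_BYTES; }

/* Bytes saved per object. Multiplied by the number of live objects this gives
 * the heap effect of a reordering like the one in the entry above. */
size_t bytes_saved_per_object(void) { return before_size() - after_size(); }

int main(void)
{
    printf("before: size=%zu payload=%zu padding=%zu\n",
           before_size(), PAYLOAD_BYTES, before_padding());
    printf("  offsets: codeType=%zu constantPool=%zu parameterCount=%zu "
           "instructions=%zu variableCount=%zu\n",
           offsetof(struct BeforeLayout, codeType),
           offsetof(struct BeforeLayout, constantPool),
           offsetof(struct BeforeLayout, parameterCount),
           offsetof(struct BeforeLayout, instructions),
           offsetof(struct BeforeLayout, variableCount));
    printf("after:  size=%zu payload=%zu padding=%zu\n",
           after_size(), PAYLOAD_BYTES, after_padding());
    printf("saved per object: %zu bytes\n", bytes_saved_per_object());
    return 0;
}
```

On an LP64 target the "before" struct occupies 40 bytes of which 17 are padding, and the "after" struct occupies 24 bytes with 1 byte of padding, so each object shrinks by 16 bytes without removing any member. The same arithmetic on an ILP32 target gives 20 versus 16 bytes, which is why the entry calls out 64-bit specifically: pointer alignment doubles the cost of every misplaced small field.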
16 2013-02-08  Filip Pizlo  <fpizlo@apple.com>
17
18         DFG should allow phases to break Phi's and then have one phase to rebuild them
19         https://bugs.webkit.org/show_bug.cgi?id=108414
20
21         Reviewed by Mark Hahnenberg.
22         
23         Introduces two new DFG forms: LoadStore and ThreadedCPS. These are described in
24         detail in DFGCommon.h.
25         
26         Consequently, DFG phases no longer have to worry about preserving data flow
27         links between basic blocks. It is generally always safe to request that the
28         graph be dethreaded (Graph::dethread), which brings it into LoadStore form, where
29         the data flow is implicit. In this form, only liveness-at-head needs to be
30         preserved.
31         
32         All of the machinery for "threading" the graph to introduce data flow between
33         blocks is now moved out of the bytecode parser and into the CPSRethreadingPhase.
34         All phases that previously did this maintenance themselves now just rely on
35         being able to dethread the graph. The one exception is the structure check
36         hoising phase, which operates over a threaded graph and preserves it, for the
37         sake of performance.
38         
39         Also moved two other things into their own phases: unification (previously found
40         in the parser) and prediction injection (previously found in various places).
41
42         * CMakeLists.txt:
43         * GNUmakefile.list.am:
44         * JavaScriptCore.xcodeproj/project.pbxproj:
45         * Target.pri:
46         * bytecode/Operands.h:
47         (Operands):
48         (JSC::Operands::sizeFor):
49         (JSC::Operands::atFor):
50         * dfg/DFGAbstractState.cpp:
51         (JSC::DFG::AbstractState::execute):
52         (JSC::DFG::AbstractState::mergeStateAtTail):
53         * dfg/DFGAllocator.h:
54         (JSC::DFG::::allocateSlow):
55         * dfg/DFGArgumentsSimplificationPhase.cpp:
56         (JSC::DFG::ArgumentsSimplificationPhase::run):
57         * dfg/DFGBasicBlockInlines.h:
58         (DFG):
59         * dfg/DFGByteCodeParser.cpp:
60         (JSC::DFG::ByteCodeParser::getLocal):
61         (JSC::DFG::ByteCodeParser::getArgument):
62         (JSC::DFG::ByteCodeParser::flushDirect):
63         (JSC::DFG::ByteCodeParser::parseBlock):
64         (DFG):
65         (JSC::DFG::ByteCodeParser::parse):
66         * dfg/DFGCFGSimplificationPhase.cpp:
67         (JSC::DFG::CFGSimplificationPhase::run):
68         (JSC::DFG::CFGSimplificationPhase::killUnreachable):
69         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
70         (CFGSimplificationPhase):
71         (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
72         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
73         * dfg/DFGCPSRethreadingPhase.cpp: Added.
74         (DFG):
75         (CPSRethreadingPhase):
76         (JSC::DFG::CPSRethreadingPhase::CPSRethreadingPhase):
77         (JSC::DFG::CPSRethreadingPhase::run):
78         (JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
79         (JSC::DFG::CPSRethreadingPhase::clearVariablesAtHeadAndTail):
80         (JSC::DFG::CPSRethreadingPhase::addPhiSilently):
81         (JSC::DFG::CPSRethreadingPhase::addPhi):
82         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
83         (JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocal):
84         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetLocal):
85         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocalFor):
86         (JSC::DFG::CPSRethreadingPhase::canonicalizeFlushOrPhantomLocal):
87         (JSC::DFG::CPSRethreadingPhase::canonicalizeSetArgument):
88         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
89         (JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
90         (JSC::DFG::CPSRethreadingPhase::propagatePhis):
91         (JSC::DFG::CPSRethreadingPhase::PhiStackEntry::PhiStackEntry):
92         (PhiStackEntry):
93         (JSC::DFG::CPSRethreadingPhase::phiStackFor):
94         (JSC::DFG::performCPSRethreading):
95         * dfg/DFGCPSRethreadingPhase.h: Added.
96         (DFG):
97         * dfg/DFGCSEPhase.cpp:
98         (CSEPhase):
99         (JSC::DFG::CSEPhase::performNodeCSE):
100         * dfg/DFGCommon.cpp:
101         (WTF):
102         (WTF::printInternal):
103         * dfg/DFGCommon.h:
104         (JSC::DFG::logCompilationChanges):
105         (DFG):
106         (WTF):
107         * dfg/DFGConstantFoldingPhase.cpp:
108         (JSC::DFG::ConstantFoldingPhase::foldConstants):
109         * dfg/DFGDriver.cpp:
110         (JSC::DFG::compile):
111         * dfg/DFGGraph.cpp:
112         (JSC::DFG::Graph::Graph):
113         (JSC::DFG::Graph::dump):
114         (JSC::DFG::Graph::dethread):
115         (JSC::DFG::Graph::collectGarbage):
116         * dfg/DFGGraph.h:
117         (JSC::DFG::Graph::performSubstitution):
118         (Graph):
119         (JSC::DFG::Graph::performSubstitutionForEdge):
120         (JSC::DFG::Graph::convertToConstant):
121         * dfg/DFGNode.h:
122         (JSC::DFG::Node::convertToPhantomLocal):
123         (Node):
124         (JSC::DFG::Node::convertToGetLocal):
125         (JSC::DFG::Node::hasVariableAccessData):
126         * dfg/DFGNodeType.h:
127         (DFG):
128         * dfg/DFGPhase.cpp:
129         (JSC::DFG::Phase::beginPhase):
130         * dfg/DFGPhase.h:
131         (JSC::DFG::runAndLog):
132         * dfg/DFGPredictionInjectionPhase.cpp: Added.
133         (DFG):
134         (PredictionInjectionPhase):
135         (JSC::DFG::PredictionInjectionPhase::PredictionInjectionPhase):
136         (JSC::DFG::PredictionInjectionPhase::run):
137         (JSC::DFG::performPredictionInjection):
138         * dfg/DFGPredictionInjectionPhase.h: Added.
139         (DFG):
140         * dfg/DFGPredictionPropagationPhase.cpp:
141         (JSC::DFG::PredictionPropagationPhase::run):
142         (JSC::DFG::PredictionPropagationPhase::propagate):
143         * dfg/DFGSpeculativeJIT32_64.cpp:
144         (JSC::DFG::SpeculativeJIT::compile):
145         * dfg/DFGSpeculativeJIT64.cpp:
146         (JSC::DFG::SpeculativeJIT::compile):
147         * dfg/DFGStructureCheckHoistingPhase.cpp:
148         (JSC::DFG::StructureCheckHoistingPhase::run):
149         * dfg/DFGUnificationPhase.cpp: Added.
150         (DFG):
151         (UnificationPhase):
152         (JSC::DFG::UnificationPhase::UnificationPhase):
153         (JSC::DFG::UnificationPhase::run):
154         (JSC::DFG::performUnification):
155         * dfg/DFGUnificationPhase.h: Added.
156         (DFG):
157         * dfg/DFGValidate.cpp:
158         (JSC::DFG::Validate::validate):
159         (JSC::DFG::Validate::dumpGraphIfAppropriate):
160         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
161         (JSC::DFG::VirtualRegisterAllocationPhase::run):
162         * llint/LLIntSlowPaths.cpp:
163         (JSC::LLInt::setUpCall):
164         * runtime/JSCJSValue.cpp:
165         (JSC::JSValue::dump):
166         * runtime/JSString.h:
167         (JSString):
168         * runtime/Options.h:
169         (JSC):
170
171 2013-02-08  Jer Noble  <jer.noble@apple.com>
172
173         Bring WebKit up to speed with latest Encrypted Media spec.
174         https://bugs.webkit.org/show_bug.cgi?id=97037
175
176         Reviewed by Eric Carlson.
177
178         Define the ENABLE_ENCRYPTED_MEDIA_V2 setting.
179
180         * Configurations/FeatureDefines.xcconfig:
181
182 2013-02-08  Gavin Barraclough  <barraclough@apple.com>
183
184         Objective-C API for JavaScriptCore
185         https://bugs.webkit.org/show_bug.cgi?id=105889
186
187         Reviewed by Joseph Pecoraro
188
189         Following up on review comments, mostly typos.
190
191         * API/JSBlockAdaptor.h:
192         * API/JSBlockAdaptor.mm:
193         (-[JSBlockAdaptor blockFromValue:inContext:withException:]):
194         * API/JSContext.h:
195         * API/JSExport.h:
196         * API/JSValue.h:
197         * API/JSValue.mm:
198         * API/JSWrapperMap.mm:
199         (selectorToPropertyName):
200         (-[JSWrapperMap classInfoForClass:]):
201         (-[JSWrapperMap wrapperForObject:]):
202
203 2013-02-08  Martin Robinson  <mrobinson@igalia.com>
204
205         [GTK] Add an experimental gyp build
206         https://bugs.webkit.org/show_bug.cgi?id=109003
207
208         Reviewed by Gustavo Noronha Silva.
209
210         * JavaScriptCore.gypi: Update the list of source files to include those
211         necessary for the GTK+ build.
212
213 2013-02-08  Andreas Kling  <akling@apple.com>
214
215         JSC: Lower minimum PropertyTable size.
216         <http://webkit.org/b/109247>
217
218         Reviewed by Darin Adler.
219
220         Lower the minimum table size for PropertyTable from 16 to 8.
221         3.32 MB progression on Membuster3 (a ~13% reduction in memory used by PropertyTables.)
222
223         * runtime/PropertyMapHashTable.h:
224         (PropertyTable):
225         (JSC::PropertyTable::sizeForCapacity):
226
227 2013-02-07  Roger Fong  <roger_fong@apple.com>
228
229         Unreviewed. More VS2010 WebKit solution touchups.
230         Make JavaScriptCoreExports.def.in be treated as a custom build file so that changes to it cause the exports to be rebuilt.
231
232         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj:
233         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters:
234         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in:
235
236 2013-02-07  Mark Hahnenberg  <mhahnenberg@apple.com>
237
238         Objective-C API: testapi.mm should use ARC
239         https://bugs.webkit.org/show_bug.cgi?id=107838
240
241         Reviewed by Mark Rowe.
242
243         Removing the changes to the Xcode project file and moving the equivalent flags into 
244         the ToolExecutable xcconfig file.
245
246         * Configurations/ToolExecutable.xcconfig:
247         * JavaScriptCore.xcodeproj/project.pbxproj:
248
249 2013-02-07  Brent Fulgham  <bfulgham@webkit.org>
250
251         [Windows] Unreviewed Visual Studio 2010 build fixes after r142179.
252
253         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Correct changed symbols
254         * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Removed autogenerated file.
255
256 2013-02-05  Filip Pizlo  <fpizlo@apple.com>
257
258         DFG::ByteCodeParser should do surgical constant folding to reduce load on the optimization fixpoint
259         https://bugs.webkit.org/show_bug.cgi?id=109000
260
261         Reviewed by Oliver Hunt.
262         
263         Previously our source parser's ASTBuilder did some surgical constant folding, but it
264         didn't cover some cases.  It was particularly incapable of doing constant folding for
265         cases where we do some minimal loop peeling in the bytecode generator - since it
266         didn't "see" those constants prior to the peeling.  Example:
267
268         for (var i = 0; i < 4; ++i)
269             things;
270
271         This will get peeled just a bit by the bytecode generator, so that the "i < 4" is
272         duplicated both at the top of the loop and the bottom.  This means that we have a
273         constant comparison: "0 < 4", which the bytecode generator emits without any further
274         thought.
275
276         The DFG optimization fixpoint of course folds this and simplifies the CFG 
277         accordingly, but this incurs a compile-time cost.  The purpose of this change is to
278         do some surgical constant folding in the DFG's bytecode parser, so that such
279         constructs reduce load on the CFG simplifier and the optimization fixpoint.  The goal
280         is not to cover all cases, since the DFG CFA and CFG simplifier have a powerful
281         sparse conditional constant propagation that we can always fall back on. Instead the
282         goal is to cover enough cases that for common small functions we don't have to
283         perform such transformations, thereby reducing compile times.
284         
285         This also refactors m_inlineStackEntry->m_inlineCallFrame to be a handy method call
286         and also adds the notion of a TriState-based JSValue::pureToBoolean(). Both of these
287         things are used by the folder.
288         
289         As well, care has been taken to make sure that the bytecode parser only does folding
290         that is statically provable, and that doesn't arise out of speculation. This means
291         we cannot fold on data flow that crosses inlining boundaries. On the other hand, the
292         folding that the bytecode parser uses doesn't require phantoming anything. Such is
293         the trade-off: for anything that we do need phantoming, we defer it to the
294         optimization fixpoint.
295         
296         Slight SunSpider speed-up.
297
298         * dfg/DFGByteCodeParser.cpp:
299         (JSC::DFG::ByteCodeParser::get):
300         (JSC::DFG::ByteCodeParser::getLocal):
301         (JSC::DFG::ByteCodeParser::setLocal):
302         (JSC::DFG::ByteCodeParser::flushDirect):
303         (JSC::DFG::ByteCodeParser::flushArgumentsAndCapturedVariables):
304         (JSC::DFG::ByteCodeParser::toInt32):
305         (ByteCodeParser):
306         (JSC::DFG::ByteCodeParser::inlineCallFrame):
307         (JSC::DFG::ByteCodeParser::currentCodeOrigin):
308         (JSC::DFG::ByteCodeParser::canFold):
309         (JSC::DFG::ByteCodeParser::handleInlining):
310         (JSC::DFG::ByteCodeParser::getScope):
311         (JSC::DFG::ByteCodeParser::parseResolveOperations):
312         (JSC::DFG::ByteCodeParser::parseBlock):
313         (JSC::DFG::ByteCodeParser::parseCodeBlock):
314         * dfg/DFGNode.h:
315         (JSC::DFG::Node::isStronglyProvedConstantIn):
316         (Node):
317         * runtime/JSCJSValue.h:
318         * runtime/JSCJSValueInlines.h:
319         (JSC::JSValue::pureToBoolean):
320         (JSC):
321
322 2013-02-07  Zoltan Herczeg  <zherczeg@webkit.org>
323
324         Invalid code is generated for storing constants with baseindex addressing modes on ARM traditional.
325         https://bugs.webkit.org/show_bug.cgi?id=109050
326
327         Reviewed by Oliver Hunt.
328
329         The S! scratch register is reused, but it should contain the constant value.
330
331         * assembler/ARMAssembler.cpp:
332         (JSC::ARMAssembler::baseIndexTransfer32):
333         (JSC::ARMAssembler::baseIndexTransfer16):
334
335 2013-02-07  Andras Becsi  <andras.becsi@digia.com>
336
337         [Qt] Use GNU ar's thin archive format for intermediate static libs
338         https://bugs.webkit.org/show_bug.cgi?id=109052
339
340         Reviewed by Jocelyn Turcotte.
341
342         Adjust project files that used activeBuildConfig()
343         to use targetSubDir().
344
345         * JavaScriptCore.pri:
346         * LLIntOffsetsExtractor.pro:
347         * Target.pri:
348
349 2013-02-06  Roger Fong  <roger_fong@apple.com>
350
351         Unreviewed. Touchups to VS2010 WebKit solution.
352         Fix an export generator script, modify some property sheets, add resouce file.
353
354         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props:
355         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd:
356         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props:
357         * JavaScriptCore.vcxproj/resource.h: Added.
358
359 2013-02-06  Ilya Tikhonovsky  <loislo@chromium.org>
360
361         Web Inspector: Native Memory Instrumentation: assign class name to the heap graph node automatically
362         https://bugs.webkit.org/show_bug.cgi?id=107262
363
364         Reviewed by Yury Semikhatsky.
365
366         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
367
368 2013-02-06  Mike West  <mkwst@chromium.org>
369
370         Add an ENABLE_NOSNIFF feature flag.
371         https://bugs.webkit.org/show_bug.cgi?id=109029
372
373         Reviewed by Jochen Eisinger.
374
375         This new flag will control the behavior of 'X-Content-Type-Options: nosniff'
376         when processing script and other resource types.
377
378         * Configurations/FeatureDefines.xcconfig:
379
380 2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
381
382         put_to_base should emit a Phantom for "value" across the ForceOSRExit
383         https://bugs.webkit.org/show_bug.cgi?id=108998
384
385         Reviewed by Oliver Hunt.
386
387         Otherwise, the OSR exit compiler could clobber it, which would lead to badness.
388
389         * bytecode/CodeBlock.cpp:
390         (JSC::CodeBlock::tallyFrequentExitSites): Build fixes for when DFG debug logging is enabled.
391         * dfg/DFGByteCodeParser.cpp:
392         (JSC::DFG::ByteCodeParser::parseBlock): Added extra Phantoms for the "value" field where needed.
393         * dfg/DFGSpeculativeJIT.cpp:
394         (JSC::DFG::SpeculativeJIT::compile): Ditto.
395
396 2013-02-05  Michael Saboff  <msaboff@apple.com>
397
398         Crash at JSC::call when loading www.gap.com with JSVALUE32_64 Enabled
399         https://bugs.webkit.org/show_bug.cgi?id=108991
400
401         Reviewed by Oliver Hunt.
402
403         Changed the restoration from calleeGPR to nonArgGPR0 because the restoration of the return location
404         may step on calleeGPR is it happen to be nonArgGPR2.
405
406         * dfg/DFGRepatch.cpp:
407         (JSC::DFG::dfgLinkClosureCall):
408
409 2013-02-05  Roger Fong  <roger_fong@apple.com>
410
411         Add a JavaScriptCore Export Generator project.
412         https://bugs.webkit.org/show_bug.cgi?id=108971.
413
414         Reviewed by Brent Fulgham.
415
416         * JavaScriptCore.vcxproj/JavaScriptCore.sln:
417         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
418         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
419         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
420         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator: Added.
421         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj: Added.
422         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.filters: Added.
423         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGenerator.vcxproj.user: Added.
424         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorBuildCmd.cmd: Added.
425         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorCommon.props: Added.
426         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorDebug.props: Added.
427         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPostBuild.cmd: Added.
428         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorPreBuild.cmd: Added.
429         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExportGeneratorRelease.props: Added.
430         * JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: Added.
431
432 2013-02-04  Filip Pizlo  <fpizlo@apple.com>
433
434         DFG should have a precise view of jump targets
435         https://bugs.webkit.org/show_bug.cgi?id=108868
436
437         Reviewed by Oliver Hunt.
438         
439         Previously, the DFG relied entirely on the CodeBlock's jump targets list for
440         determining when to break basic blocks. This worked great, except sometimes it
441         would be too conservative since the CodeBlock just says where the bytecode
442         generator inserted labels.
443         
444         This change keeps the old jump target list in CodeBlock since it is still
445         valuable to the baseline JIT, but switches the DFG to use its own jump target
446         calculator. This ought to reduce pressure on the DFG simplifier, which would
447         previously do a lot of work to try to merge redundantly created basic blocks.
448         It appears to be a 1% progression on SunSpider.
449
450         * CMakeLists.txt:
451         * GNUmakefile.list.am:
452         * JavaScriptCore.xcodeproj/project.pbxproj:
453         * Target.pri:
454         * bytecode/PreciseJumpTargets.cpp: Added.
455         (JSC):
456         (JSC::addSimpleSwitchTargets):
457         (JSC::computePreciseJumpTargets):
458         * bytecode/PreciseJumpTargets.h: Added.
459         (JSC):
460         * dfg/DFGByteCodeParser.cpp:
461         (JSC::DFG::ByteCodeParser::parseCodeBlock):
462
463 2013-02-01  Roger Fong  <roger_fong@apple.com>
464
465         Make ConfigurationBuildDir include directories precede WebKitLibraries in JSC.
466         https://bugs.webkit.org/show_bug.cgi?id=108693.
467
468         Rubberstamped by Timothy Horton.
469
470         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
471
472 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
473
474         Structure::m_outOfLineCapacity is unnecessary
475         https://bugs.webkit.org/show_bug.cgi?id=108206
476
477         Reviewed by Darin Adler.
478
479         Simplifying the utility functions that we use since we don't need a 
480         bunch of fancy templates for this one specific call site.
481
482         * runtime/Structure.h:
483         (JSC::Structure::outOfLineCapacity):
484
485 2013-02-05  Mark Hahnenberg  <mhahnenberg@apple.com>
486
487         Objective-C API: testapi.mm should use ARC
488         https://bugs.webkit.org/show_bug.cgi?id=107838
489
490         Reviewed by Oliver Hunt.
491
492         In ToT testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs.
493         We should enable ARC, since that is what most of our clients will be using. We use Xcode project 
494         settings to make sure we don't try to compile ARC on 32-bit.
495
496         * API/tests/testapi.mm:
497         (+[TestObject testObject]):
498         (testObjectiveCAPI):
499         * JavaScriptCore.xcodeproj/project.pbxproj:
500
501 2013-02-05  Brent Fulgham  <bfulgham@webkit.org>
502
503         [Windows] Unreviewed VS2010 Build Correction after r141651
504
505         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Add missing
506         StructureRareData.h and StructureRareData.cpp files.
507         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Ditto.
508
509 2013-02-05  Michael Saboff  <msaboff@apple.com>
510
511         r141788 won't build due to not having all changes needed by Node* change
512         https://bugs.webkit.org/show_bug.cgi?id=108944
513
514         Reviewed by David Kilzer.
515
516         Fixed three instances of integerResult(..., m_compileIndex) to be integerResult(..., node).
517
518         * dfg/DFGSpeculativeJIT.cpp:
519         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
520         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
521
522 2013-02-04  Sheriff Bot  <webkit.review.bot@gmail.com>
523
524         Unreviewed, rolling out r141809.
525         http://trac.webkit.org/changeset/141809
526         https://bugs.webkit.org/show_bug.cgi?id=108860
527
528         ARC isn't supported on 32-bit. (Requested by mhahnenberg on
529         #webkit).
530
531         * API/tests/testapi.mm:
532         (+[TestObject testObject]):
533         (testObjectiveCAPI):
534         * JavaScriptCore.xcodeproj/project.pbxproj:
535
536 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
537
538         Objective-C API: testapi.mm should use ARC
539         https://bugs.webkit.org/show_bug.cgi?id=107838
540
541         Reviewed by Oliver Hunt.
542
543         In ToT testapi.mm uses the Obj-C garbage collector, which hides a lot of our object lifetime bugs. 
544         We should enable ARC, since that is what most of our clients will be using.
545
546         * API/tests/testapi.mm:
547         (-[TestObject init]):
548         (-[TestObject dealloc]):
549         (+[TestObject testObject]):
550         (testObjectiveCAPI):
551         * JavaScriptCore.xcodeproj/project.pbxproj:
552
553 2013-02-04  Mark Hahnenberg  <mhahnenberg@apple.com>
554
555         Objective-C API: ObjCCallbackFunction should retain the target of its NSInvocation
556         https://bugs.webkit.org/show_bug.cgi?id=108843
557
558         Reviewed by Darin Adler.
559
560         Currently, ObjCCallbackFunction doesn't retain the target of its NSInvocation. It needs to do 
561         this to prevent crashes when trying to invoke a callback later on.
562
563         * API/ObjCCallbackFunction.mm:
564         (ObjCCallbackFunction::ObjCCallbackFunction):
565         (ObjCCallbackFunction::~ObjCCallbackFunction):
566
567 2013-02-04  Martin Robinson  <mrobinson@igalia.com>
568
569         Fix GTK+ 'make dist' in preparation for the 1.11.5 release.
570
571         * GNUmakefile.list.am: Update the source lists.
572
573 2013-02-04  Michael Saboff  <msaboff@apple.com>
574
575         For ARMv7s use integer divide instruction for divide and modulo when possible
576         https://bugs.webkit.org/show_bug.cgi?id=108840
577
578         Reviewed in person by Filip Pizlo.
579
580         Added ARMv7s integer divide path for ArithDiv and ArithMod where operands and results are integer.
581         This is patterned after the similar code for X86.  Also added modulo power of 2 optimization
582         that uses logical and.  Added sdiv and udiv to the ARMv7 disassembler.  Put all the changes
583         behind #if CPU(APPLE_ARMV7S). 
584
585         * assembler/ARMv7Assembler.h:
586         (ARMv7Assembler):
587         (JSC::ARMv7Assembler::sdiv):
588         (JSC::ARMv7Assembler::udiv):
589         * dfg/DFGCommon.h:
590         (JSC::DFG::isARMv7s):
591         * dfg/DFGFixupPhase.cpp:
592         (JSC::DFG::FixupPhase::fixupNode):
593         * dfg/DFGSpeculativeJIT.cpp:
594         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
595         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForARMv7s):
596         * dfg/DFGSpeculativeJIT.h:
597         (SpeculativeJIT):
598         * dfg/DFGSpeculativeJIT32_64.cpp:
599         (JSC::DFG::SpeculativeJIT::compile):
600
601 2013-02-04  David Kilzer  <ddkilzer@apple.com>
602
603         Check PrivateHeaders/JSBasePrivate.h for inappropriate macros
604         <http://webkit.org/b/108749>
605
606         Reviewed by Joseph Pecoraro.
607
608         * JavaScriptCore.xcodeproj/project.pbxproj: Add
609         PrivateHeaders/JSBasePrivate.h to list of headers to check in
610         "Check for Inappropriate Macros in External Headers" build phase
611         script.
612
613 2013-02-04  David Kilzer  <ddkilzer@apple.com>
614
615         Remove duplicate entries from JavaScriptCore Xcode project
616
617             $ uniq Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | diff -u - Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj | patch -p0 -R
618             patching file Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
619
620         * JavaScriptCore.xcodeproj/project.pbxproj: Remove duplicates.
621
622 2013-02-04  David Kilzer  <ddkilzer@apple.com>
623
624         Sort JavaScriptCore Xcode project file
625
626         * JavaScriptCore.xcodeproj/project.pbxproj:
627
628 2013-02-03  David Kilzer  <ddkilzer@apple.com>
629
630         Upstream ENABLE_PDFKIT_PLUGIN settting
631         <http://webkit.org/b/108792>
632
633         Reviewed by Tim Horton.
634
635         * Configurations/FeatureDefines.xcconfig: Disable PDFKIT_PLUGIN
636         on iOS since PDFKit is a Mac-only framework.
637
638 2013-02-02  Andreas Kling  <akling@apple.com>
639
640         Vector should consult allocator about ideal size when choosing capacity.
641         <http://webkit.org/b/108410>
642         <rdar://problem/13124002>
643
644         Reviewed by Benjamin Poulain.
645
646         Remove assertion about Vector capacity that won't hold anymore since capacity()
647         may not be what you passed to reserveCapacity().
648         Also export WTF::fastMallocGoodSize() for Windows builds.
649
650         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
651         * bytecode/CodeBlock.cpp:
652         (JSC::CodeBlock::CodeBlock):
653
654 2013-02-02  Patrick Gansterer  <paroga@webkit.org>
655
656         [CMake] Adopt the WinCE port to new CMake
657         https://bugs.webkit.org/show_bug.cgi?id=108754
658
659         Reviewed by Laszlo Gombos.
660
661         * os-win32/WinMain.cpp: Removed.
662         * shell/PlatformWinCE.cmake: Removed.
663
664 2013-02-02  Mark Rowe  <mrowe@apple.com>
665
666         <http://webkit.org/b/108745> WTF shouldn't use a script build phase to detect the presence of headers when the compiler can do it for us
667
668         Reviewed by Sam Weinig.
669
670         * DerivedSources.make: Remove an obsolete Makefile rule. This should have been removed when the use
671         of the generated file moved to WTF.
672
673 2013-02-02  David Kilzer  <ddkilzer@apple.com>
674
675         Upstream iOS FeatureDefines
676         <http://webkit.org/b/108753>
677
678         Reviewed by Anders Carlsson.
679
680         * Configurations/FeatureDefines.xcconfig:
681         - ENABLE_DEVICE_ORIENTATION: Add iOS configurations.
682         - ENABLE_PLUGIN_PROXY_FOR_VIDEO: Ditto.
683         - FEATURE_DEFINES: Add ENABLE_PLUGIN_PROXY_FOR_VIDEO.  Add
684           PLATFORM_NAME variant to reduce future merge conflicts. 
685
686 2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
687
688         Structure::m_enumerationCache should be moved to StructureRareData
689         https://bugs.webkit.org/show_bug.cgi?id=108723
690
691         Reviewed by Oliver Hunt.
692
693         m_enumerationCache is only used by objects whose properties are iterated over, so not every Structure needs this 
694         field and it can therefore be moved safely to StructureRareData to help with memory savings.
695
696         * runtime/JSPropertyNameIterator.h:
697         (JSPropertyNameIterator):
698         (JSC::Register::propertyNameIterator):
699         (JSC::StructureRareData::enumerationCache): Add to JSPropertyNameIterator.h so that it can see the correct type.
700         (JSC::StructureRareData::setEnumerationCache): Ditto.
701         * runtime/Structure.cpp:
702         (JSC::Structure::addPropertyWithoutTransition): Use the enumerationCache() getter rather than accessing the field.
703         (JSC::Structure::removePropertyWithoutTransition): Ditto.
704         (JSC::Structure::visitChildren): We no longer have to worry about marking the m_enumerationCache field.
705         * runtime/Structure.h: 
706         (JSC::Structure::setEnumerationCache): Move the old accessors back since we don't have to have any knowledge of 
707         the JSPropertyNameIterator type.
708         (JSC::Structure::enumerationCache): Ditto.
709         * runtime/StructureRareData.cpp:
710         (JSC::StructureRareData::visitChildren): Mark the new m_enumerationCache field.
711         * runtime/StructureRareData.h: Add new functions/fields.
712         (StructureRareData):
713
714 2013-02-01  Roger Fong  <roger_fong@apple.com>
715
716         Unreviewed. JavaScriptCore VS2010 project cleanup.
717
718         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
719         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
720         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
721         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj:
722
723 2013-02-01  Sheriff Bot  <webkit.review.bot@gmail.com>
724
725         Unreviewed, rolling out r141662.
726         http://trac.webkit.org/changeset/141662
727         https://bugs.webkit.org/show_bug.cgi?id=108738
728
729         It's an incorrect change since processPhiStack will
730         dereference dangling BasicBlock pointers (Requested by pizlo
731         on #webkit).
732
733         * dfg/DFGByteCodeParser.cpp:
734         (JSC::DFG::ByteCodeParser::parse):
735
736 2013-02-01  Filip Pizlo  <fpizlo@apple.com>
737
738         Eliminate dead blocks sooner in the DFG::ByteCodeParser to make clear that you don't need to hold onto them during Phi construction
739         https://bugs.webkit.org/show_bug.cgi?id=108717
740
741         Reviewed by Mark Hahnenberg.
742         
743         I think this makes the code clearer. It doesn't change behavior.
744
745         * dfg/DFGByteCodeParser.cpp:
746         (JSC::DFG::ByteCodeParser::parse):
747
748 2013-02-01  Mark Hahnenberg  <mhahnenberg@apple.com>
749
750         Structure should have a StructureRareData field to save space
751         https://bugs.webkit.org/show_bug.cgi?id=108659
752
753         Reviewed by Oliver Hunt.
754
755         Many of the fields in Structure are used in a subset of all total Structures; however, all Structures must 
756         pay the memory cost of those fields, regardless of whether they use them or not. Since we can have potentially 
757         many Structures on a single page (e.g. bing.com creates ~1500 Structures), it would be profitable to 
758         refactor Structure so that not every Structure has to pay the memory costs for these infrequently used fields.
759
760         To accomplish this, we can create a new StructureRareData class to house these seldom used fields which we 
761         can allocate on demand whenever a Structure requires it. This StructureRareData can itself be a JSCell, and 
762         can do all the marking of the fields for the Structure. The StructureRareData field will be part of a union 
763         with m_previous to minimize overhead. We'll add a new field to JSTypeInfo to indicate that the Structure has 
764         a StructureRareData field. During transitions, a Structure will clone its previous Structure's StructureRareData 
765         if it has one. There could be some potential for optimizing this process, but the initial implementation will 
766         be dumb since we'd be paying these overhead costs for each Structure anyways.
767
768         Initially we'll only put two fields in the StructureRareData to avoid a memory regression. Over time we'll 
769         continue to move fields from Structure to StructureRareData. Optimistically, this could potentially reduce our 
770         Structure memory footprint by up to around 75%. It could also clear the way for removing destructors from 
771         Structures (and into StructureRareData).
772
773         * CMakeLists.txt:
774         * GNUmakefile.list.am:
775         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
776         * JavaScriptCore.xcodeproj/project.pbxproj:
777         * Target.pri:
778         * dfg/DFGRepatch.cpp: Includes for linking purposes.
779         * jit/JITStubs.cpp:
780         * jsc.cpp:
781         * llint/LLIntSlowPaths.cpp:
782         * runtime/JSCellInlines.h: Added ifdef guards.
783         * runtime/JSGlobalData.cpp: New Structure for StructureRareData class.
784         (JSC::JSGlobalData::JSGlobalData):
785         * runtime/JSGlobalData.h:
786         (JSGlobalData):
787         * runtime/JSGlobalObject.h:
788         * runtime/JSTypeInfo.h: New flag to indicate whether or not a Structure has a StructureRareData field.
789         (JSC::TypeInfo::flags):
790         (JSC::TypeInfo::structureHasRareData):
791         * runtime/ObjectPrototype.cpp:
792         * runtime/Structure.cpp: We use a combined WriteBarrier<JSCell> field m_previousOrRareData to avoid compiler issues.
793         (JSC::Structure::dumpStatistics):
794         (JSC::Structure::Structure): 
795         (JSC::Structure::materializePropertyMap):
796         (JSC::Structure::addPropertyTransition):
797         (JSC::Structure::nonPropertyTransition):
798         (JSC::Structure::pin):
799         (JSC::Structure::allocateRareData): Handles allocating a brand new StructureRareData field.
800         (JSC::Structure::cloneRareDataFrom): Handles cloning a StructureRareData field from another. Used during Structure 
801         transitions.
802         (JSC::Structure::visitChildren): We no longer have to worry about marking m_objectToStringValue.
803         * runtime/Structure.h:
804         (JSC::Structure::previousID): Checks the structureHasRareData flag to see where it should get the previous Structure.
805         (JSC::Structure::objectToStringValue): Reads the value from the StructureRareData. If it doesn't exist, returns 0.
806         (JSC::Structure::setObjectToStringValue): Ensures that we have a StructureRareData field, then forwards the function 
807         call to it.
808         (JSC::Structure::materializePropertyMapIfNecessary):
809         (JSC::Structure::setPreviousID): Checks for StructureRareData and forwards if necessary.
810         (Structure):
811         (JSC::Structure::clearPreviousID): Ditto.
812         (JSC::Structure::create):
813         * runtime/StructureRareData.cpp: Added. All of the basic functionality of a JSCell with the fields that we've moved 
814         from Structure and the functions required to access/modify those fields as Structure would have done.
815         (JSC):
816         (JSC::StructureRareData::createStructure):
817         (JSC::StructureRareData::create):
818         (JSC::StructureRareData::clone):
819         (JSC::StructureRareData::StructureRareData):
820         (JSC::StructureRareData::visitChildren):
821         * runtime/StructureRareData.h: Added.
822         (JSC):
823         (StructureRareData):
824         * runtime/StructureRareDataInlines.h: Added.
825         (JSC):
826         (JSC::StructureRareData::previousID):
827         (JSC::StructureRareData::setPreviousID):
828         (JSC::StructureRareData::clearPreviousID):
829         (JSC::Structure::previous): Handles the ugly casting to get the value of the right type of m_previousOrRareData.
830         (JSC::Structure::rareData): Ditto.
831         (JSC::StructureRareData::objectToStringValue):
832         (JSC::StructureRareData::setObjectToStringValue):
833
834         * CMakeLists.txt:
835         * GNUmakefile.list.am:
836         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
837         * JavaScriptCore.xcodeproj/project.pbxproj:
838         * Target.pri:
839         * dfg/DFGRepatch.cpp:
840         * jit/JITStubs.cpp:
841         * jsc.cpp:
842         * llint/LLIntSlowPaths.cpp:
843         * runtime/JSCellInlines.h:
844         * runtime/JSGlobalData.cpp:
845         (JSC::JSGlobalData::JSGlobalData):
846         * runtime/JSGlobalData.h:
847         (JSGlobalData):
848         * runtime/JSGlobalObject.h:
849         * runtime/JSTypeInfo.h:
850         (JSC):
851         (JSC::TypeInfo::flags):
852         (JSC::TypeInfo::structureHasRareData):
853         * runtime/ObjectPrototype.cpp:
854         * runtime/Structure.cpp:
855         (JSC::Structure::dumpStatistics):
856         (JSC::Structure::Structure):
857         (JSC::Structure::materializePropertyMap):
858         (JSC::Structure::addPropertyTransition):
859         (JSC::Structure::nonPropertyTransition):
860         (JSC::Structure::pin):
861         (JSC::Structure::allocateRareData):
862         (JSC):
863         (JSC::Structure::cloneRareDataFrom):
864         (JSC::Structure::visitChildren):
865         * runtime/Structure.h:
866         (JSC::Structure::previousID):
867         (JSC::Structure::objectToStringValue):
868         (JSC::Structure::setObjectToStringValue):
869         (JSC::Structure::materializePropertyMapIfNecessary):
870         (JSC::Structure::setPreviousID):
871         (Structure):
872         (JSC::Structure::clearPreviousID):
873         (JSC::Structure::previous):
874         (JSC::Structure::rareData):
875         (JSC::Structure::create):
876         * runtime/StructureRareData.cpp: Added.
877         (JSC):
878         (JSC::StructureRareData::createStructure):
879         (JSC::StructureRareData::create):
880         (JSC::StructureRareData::clone):
881         (JSC::StructureRareData::StructureRareData):
882         (JSC::StructureRareData::visitChildren):
883         * runtime/StructureRareData.h: Added.
884         (JSC):
885         (StructureRareData):
886         * runtime/StructureRareDataInlines.h: Added.
887         (JSC):
888         (JSC::StructureRareData::previousID):
889         (JSC::StructureRareData::setPreviousID):
890         (JSC::StructureRareData::clearPreviousID):
891         (JSC::StructureRareData::objectToStringValue):
892         (JSC::StructureRareData::setObjectToStringValue):
893
894 2013-02-01  Balazs Kilvady  <kilvadyb@homejinni.com>
895
896         offlineasm BaseIndex handling is broken on ARM due to MIPS changes
897         https://bugs.webkit.org/show_bug.cgi?id=108261
898
899         Reviewed by Filip Pizlo.
900
901         offlineasm BaseIndex handling fix on MIPS.
902
903         * offlineasm/mips.rb:
904         * offlineasm/risc.rb:
905
906 2013-02-01  Geoffrey Garen  <ggaren@apple.com>
907
908         Removed an unused function: JSGlobalObject::createFunctionExecutableFromGlobalCode
909         https://bugs.webkit.org/show_bug.cgi?id=108657
910
911         Reviewed by Anders Carlsson.
912
913         * runtime/JSGlobalObject.cpp:
914         (JSC):
915         * runtime/JSGlobalObject.h:
916         (JSGlobalObject):
917
918 2013-02-01  Geoffrey Garen  <ggaren@apple.com>
919
920         Added TriState to WTF and started using it in one place
921         https://bugs.webkit.org/show_bug.cgi?id=108628
922
923         Reviewed by Beth Dakin.
924
925         * runtime/PrototypeMap.h:
926         (JSC::PrototypeMap::isPrototype): Use TriState instead of boolean. In
927         response to review feedback, this is an attempt to clarify that our
928         'true' condition is actually just a 'maybe'.
929
930         * runtime/PrototypeMap.h:
931         (PrototypeMap):
932         (JSC::PrototypeMap::isPrototype):
933
934 2013-02-01  Alexis Menard  <alexis@webkit.org>
935
936         Enable unprefixed CSS transitions by default.
937         https://bugs.webkit.org/show_bug.cgi?id=108216
938
939         Reviewed by Dean Jackson.
940
941         Rename the flag CSS_TRANSFORMS_ANIMATIONS_TRANSITIONS_UNPREFIXED
942         to CSS_TRANSFORMS_ANIMATIONS_UNPREFIXED which will be used later to 
943         guard the unprefixing work for CSS Transforms and animations.
944
945         * Configurations/FeatureDefines.xcconfig:
946
947 2013-01-31  Filip Pizlo  <fpizlo@apple.com>
948
949         DFG::CFGSimplificationPhase::keepOperandAlive() conflates liveness and availability
950         https://bugs.webkit.org/show_bug.cgi?id=108580
951
952         Reviewed by Oliver Hunt.
953         
954         This is a harmless bug in that it only results in us keeping a bit too many things
955         for OSR.  But it's worth fixing so that the code is consistent.
956
957         keepOperandAlive() is called when block A has a branch to blocks B and C, but the
958         A->B edge is proven to never be taken and we want to optimize the code to have A
959         unconditionally jump to C.  In that case, for the purposes of OSR, we need to
960         preserve the knowledge that the state that B expected to be live incoming from A
961         ought still to be live up to the point of where the A->B,C branch used to be.  The
962         way we keep things alive is by using the variablesAtTail of A (i.e., we use the
963         knowledge of in what manner A made state available to B and C).  The way we choose
964         which state should be kept alive ought to be chosen by the variablesAtHead of B
965         (i.e. the things B says it needs from its predecessors, including A), except that
966         keepOperandAlive() was previously just using variablesAtTail of A for this
967         purpose.
968         
969         The fix is to have keepOperandAlive() use both liveness and availability in its
970         logic. It should use liveness (i.e. B->variablesAtHead) to decide what to keep
971         alive, and it should use availability (i.e. A->variablesAtTail) to decide how to
972         keep it alive.
973         
974         This might be a microscopic win on some programs, but it's mainly intended to be
975         a code clean-up so that I don't end up scratching my head in confusion the next
976         time I look at this code.
977
978         * dfg/DFGCFGSimplificationPhase.cpp:
979         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
980         (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
981         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
982
983 2013-01-31  Geoffrey Garen  <ggaren@apple.com>
984
985         REGRESSION (r141192): Crash beneath cti_op_get_by_id_generic @ discussions.apple.com
986         https://bugs.webkit.org/show_bug.cgi?id=108576
987
988         Reviewed by Filip Pizlo.
989
990         This was a long-standing bug. The DFG would destructively reuse a register
991         in op_convert_this, but:
992
993             * The bug only presented during speculation failure for type Other
994
995             * The bug presented by removing the low bits of a pointer, which
996             used to be harmless, since all objects were so aligned anyway.
997
998         * dfg/DFGSpeculativeJIT64.cpp:
999         (JSC::DFG::SpeculativeJIT::compile): Don't reuse our this register as
1000         our scratch register. The whole point of our scratch register is to
1001         avoid destructively modifying our this register. I'm pretty sure this
1002         was a copy-paste error.
1003
1004 2013-01-31  Roger Fong  <roger_fong@apple.com>
1005
1006         Unreviewed. Windows build fix.
1007
1008         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1009
1010 2013-01-31  Jessie Berlin  <jberlin@apple.com>
1011
1012         Rolling out r141407 because it is causing crashes under
1013         WTF::TCMalloc_Central_FreeList::FetchFromSpans() in Release builds.
1014
1015         * bytecode/CodeBlock.cpp:
1016         (JSC::CodeBlock::CodeBlock):
1017
1018 2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1019
1020         Objective-C API: JSContext exception property causes reference cycle
1021         https://bugs.webkit.org/show_bug.cgi?id=107778
1022
1023         Reviewed by Darin Adler.
1024
1025         JSContext has a (retain) JSValue * exception property which, when non-null, creates a 
1026         reference cycle (since the JSValue * holds a strong reference back to the JSContext *).
1027
1028         * API/JSContext.mm: Instead of JSValue *, we now use a plain JSValueRef, which eliminates the reference cycle.
1029         (-[JSContext initWithVirtualMachine:]):
1030         (-[JSContext setException:]):
1031         (-[JSContext exception]):
1032
1033 2013-01-31  Roger Fong  <roger_fong@apple.com>
1034
1035         Unreviewed build fix. Win7 port.
1036
1037         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
1038
1039 2013-01-31  Joseph Pecoraro  <pecoraro@apple.com>
1040
1041         Disable ENABLE_FULLSCREEN_API on iOS
1042         https://bugs.webkit.org/show_bug.cgi?id=108250
1043
1044         Reviewed by Benjamin Poulain.
1045
1046         * Configurations/FeatureDefines.xcconfig:
1047
1048 2013-01-31  Mark Hahnenberg  <mhahnenberg@apple.com>
1049
1050         Objective-C API: Fix insertion of values greater than the max index allowed by the spec
1051         https://bugs.webkit.org/show_bug.cgi?id=108264
1052
1053         Reviewed by Oliver Hunt.
1054
1055         Fixed a bug, added a test to the API tests, cleaned up some code.
1056
1057         * API/JSValue.h: Changed some of the documentation on setValue:atIndex: to indicate that 
1058         setting values at indices greater than UINT_MAX - 1 won't affect the length of JS arrays.
1059         * API/JSValue.mm:
1060         (-[JSValue valueAtIndex:]): We weren't returning when we should have been.
1061         (-[JSValue setValue:atIndex:]): Added a comment about why we do the early check for being larger than UINT_MAX.
1062         (objectToValueWithoutCopy): Removed two redundant cases that were already checked previously.
1063         * API/tests/testapi.mm:
1064
1065 2013-01-30  Andreas Kling  <akling@apple.com>
1066
1067         Vector should consult allocator about ideal size when choosing capacity.
1068         <http://webkit.org/b/108410>
1069         <rdar://problem/13124002>
1070
1071         Reviewed by Benjamin Poulain.
1072
1073         Remove assertion about Vector capacity that won't hold anymore since capacity()
1074         may not be what you passed to reserveCapacity().
1075
1076         * bytecode/CodeBlock.cpp:
1077         (JSC::CodeBlock::CodeBlock):
1078
1079 2013-01-30  Filip Pizlo  <fpizlo@apple.com>
1080
1081         DFG bytecode parser should have more assertions about the status of local accesses
1082         https://bugs.webkit.org/show_bug.cgi?id=108417
1083
1084         Reviewed by Mark Hahnenberg.
1085         
1086         Assert some things that we already know to be true, just to reassure ourselves that they are true.
1087         This is meant as a prerequisite for https://bugs.webkit.org/show_bug.cgi?id=108414, which will
1088         make these rules even stricter.
1089
1090         * dfg/DFGByteCodeParser.cpp:
1091         (JSC::DFG::ByteCodeParser::getLocal):
1092         (JSC::DFG::ByteCodeParser::getArgument):
1093
1094 2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>
1095
1096         Objective-C API: JSContext's dealloc causes ASSERT due to ordering of releases
1097         https://bugs.webkit.org/show_bug.cgi?id=107978
1098
1099         Reviewed by Filip Pizlo.
1100
1101         We need to add the Identifier table save/restore in JSContextGroupRelease so that we 
1102         have the correct table if we end up destroying the JSGlobalData/Heap.
1103
1104         * API/JSContextRef.cpp:
1105         (JSContextGroupRelease):
1106
1107 2013-01-30  Mark Hahnenberg  <mhahnenberg@apple.com>
1108
1109         Objective-C API: exceptionHandler needs to be released in JSContext dealloc
1110         https://bugs.webkit.org/show_bug.cgi?id=108378
1111
1112         Reviewed by Filip Pizlo.
1113
1114         JSContext has a (copy) exceptionHandler property that it doesn't release in dealloc. 
1115         That sounds like the potential for a leak. It should be released.
1116
1117         * API/JSContext.mm:
1118         (-[JSContext dealloc]):
1119
1120 2013-01-30  Filip Pizlo  <fpizlo@apple.com>
1121
1122         REGRESSION(140504): pure CSE no longer matches things, 10% regression on Kraken
1123         https://bugs.webkit.org/show_bug.cgi?id=108366
1124
1125         Reviewed by Geoffrey Garen and Mark Hahnenberg.
1126         
1127         This was a longstanding bug that was revealed by http://trac.webkit.org/changeset/140504.
1128         Pure CSE requires that the Node::flags() that may affect the behavior of a node match,
1129         when comparing a possibly redundant node to its possible replacement. It was doing this
1130         by comparing Node::arithNodeFlags(), which as the name might appear to suggest, returns
1131         just those flag bits that correspond to actual node behavior and not auxiliary things.
1132         Unfortunately, Node::arithNodeFlags() wasn't actually masking off the irrelevant bits.
1133         This worked prior to r140504 because CSE itself didn't mutate the flags, so there was a
1134         very high probability that matching nodes would also have completely identical flag bits
1135         (even the ones that aren't relevant to arithmetic behavior, like NodeDoesNotExit). But
1136         r140504 moved one of CSE's side-tables (m_relevantToOSR) into a flag bit for quicker
1137         access. These bits would be mutated as the CSE ran over a basic block, in such a way that
1138         there was a very high probability that the possible replacement would already have the
1139         bit set, while the redundant node did not have the bit set. Since Node::arithNodeFlags()
1140         returned all of the bits, this would cause CSEPhase::pureCSE() to reject the match
1141         almost every time.
1142         
1143         The solution is to make Node::arithNodeFlags() do as its name suggests: only return those
1144         flags that are relevant to arithmetic behavior. This patch introduces a new mask that
1145         represents those bits, and includes NodeBehaviorMask and NodeBackPropMask, which are both
1146         used for queries on Node::arithNodeFlags(), and both affect arithmetic code gen. None of
1147         the other flags are relevant to Node::arithNodeFlags() since they either correspond to
1148         information already conveyed by the opcode (like NodeResultMask, NodeMustGenerate,
1149         NodeHasVarArgs, NodeClobbersWorld, NodeMightClobber) or information that doesn't affect
1150         the result that the node will produce or any of the queries performed on the result of
1151         Node::arithNodeFlags (NodeDoesNotExit and of course NodeRelevantToOSR).
1152         
1153         This is a 10% speed-up on Kraken, undoing the regression from r140504.
1154
1155         * dfg/DFGNode.h:
1156         (JSC::DFG::Node::arithNodeFlags):
1157         * dfg/DFGNodeFlags.h:
1158         (DFG):
1159
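A miniature pure-CSE pass, added here as an illustration (not JavaScriptCore's code), showing why comparing every flag bit, as Node::arithNodeFlags() did before this fix, rejects a match as soon as a bookkeeping bit such as NodeRelevantToOSR has been set on the replacement; the flag values, opcodes and sample block are all constructed for this example.

```cpp
// Added illustration, not JavaScriptCore code: a toy "pure CSE" in the shape
// the entry above describes. Flag values, opcodes and the block are constructed.
#include <cstddef>
#include <cstdint>
#include <vector>

typedef uint32_t NodeFlags;

// Constructed stand-ins for the flag groups named in the entry.
const NodeFlags NodeResultMask    = 0x000f; // implied by the opcode
const NodeFlags NodeMustGenerate  = 0x0010; // implied by the opcode
const NodeFlags NodeBehaviorMask  = 0x0300; // e.g. "may overflow", "may produce -0"
const NodeFlags NodeBackPropMask  = 0x3c00; // e.g. "result is used as a number"
const NodeFlags NodeDoesNotExit   = 0x4000; // auxiliary; irrelevant to arithmetic
const NodeFlags NodeRelevantToOSR = 0x8000; // CSE bookkeeping, formerly a side table

// The mask the fix introduces: only the bits that affect arithmetic code gen.
const NodeFlags NodeArithFlagsMask = NodeBehaviorMask | NodeBackPropMask;

enum NodeOp { ArithAdd, SetLocal };

struct Node {
    NodeOp op;
    int child1;       // ArithAdd: abstract value ids; SetLocal: index of the stored node
    int child2;
    NodeFlags flags;
    bool eliminated;

    // Before the fix: every bit came back, bookkeeping bits included.
    NodeFlags arithNodeFlagsBeforeFix() const { return flags; }
    // After the fix: only the behaviour-relevant bits.
    NodeFlags arithNodeFlags() const { return flags & NodeArithFlagsMask; }
};

static Node makeNode(NodeOp op, int c1, int c2, NodeFlags flags)
{
    Node n; n.op = op; n.child1 = c1; n.child2 = c2; n.flags = flags; n.eliminated = false;
    return n;
}

// Pure CSE match: same opcode, same children, same arithmetic flags.
static bool pureCSEMatches(const Node& candidate, const Node& replacement, bool masked)
{
    if (replacement.eliminated || candidate.op != replacement.op)
        return false;
    if (candidate.child1 != replacement.child1 || candidate.child2 != replacement.child2)
        return false;
    NodeFlags a = masked ? candidate.arithNodeFlags() : candidate.arithNodeFlagsBeforeFix();
    NodeFlags b = masked ? replacement.arithNodeFlags() : replacement.arithNodeFlagsBeforeFix();
    return a == b;
}

// One forward pass over a block. Like the post-r140504 CSE, it records OSR
// relevance in a node flag as it goes: a SetLocal marks the node it stores.
static int runPureCSE(std::vector<Node>& block, bool masked)
{
    int eliminated = 0;
    for (size_t i = 0; i < block.size(); ++i) {
        Node& node = block[i];
        if (node.op == SetLocal) {
            block[node.child1].flags |= NodeRelevantToOSR;
            continue;
        }
        for (size_t j = 0; j < i; ++j) {
            if (pureCSEMatches(node, block[j], masked)) {
                node.eliminated = true;   // replaced by block[j]
                ++eliminated;
                break;
            }
        }
    }
    return eliminated;
}

// Constructed block: x = a + b; local0 = x; y = a + b; local1 = y.
// The second ArithAdd is redundant with the first, but by the time CSE reaches
// it, the SetLocal in between has set NodeRelevantToOSR on the first one.
static std::vector<Node> sampleBlock()
{
    std::vector<Node> block;
    const NodeFlags addFlags = 0x0100 | 0x0400 | NodeDoesNotExit; // behaviour + back-prop + auxiliary
    block.push_back(makeNode(ArithAdd, 10, 11, addFlags));  // node 0
    block.push_back(makeNode(SetLocal, 0, -1, 0));          // node 1: marks node 0 relevant to OSR
    block.push_back(makeNode(ArithAdd, 10, 11, addFlags));  // node 2: redundant with node 0
    block.push_back(makeNode(SetLocal, 2, -1, 0));          // node 3
    return block;
}

// Number of redundant nodes found with the old (unmasked) and fixed (masked) comparison.
static int eliminatedCount(bool masked)
{
    std::vector<Node> block = sampleBlock();
    return runPureCSE(block, masked);
}
```

With the unmasked comparison the redundant add survives (0 eliminations); with the mask it is matched and removed (1 elimination), which is the behaviour the entry's Kraken numbers reflect.
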
1160 2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1161
1162         Structure::m_outOfLineCapacity is unnecessary
1163         https://bugs.webkit.org/show_bug.cgi?id=108206
1164
1165         Reviewed by Geoffrey Garen.
1166
1167         We can calculate our out of line capacity by using the outOfLineSize and our knowledge about our resize policy.
1168         According to GDB, this knocks Structures down from 136 bytes to 128 bytes (I'm guessing the extra bytes are from
1169         better alignment of object fields), which puts Structures in a smaller size class. Woohoo! Looks neutral on our 
1170         benchmarks.
1171
1172         * runtime/Structure.cpp:
1173         (JSC::Structure::Structure):
1174         (JSC):
1175         (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
1176         (JSC::Structure::addPropertyTransition):
1177         (JSC::Structure::addPropertyWithoutTransition):
1178         * runtime/Structure.h:
1179         (Structure):
1180         (JSC::Structure::outOfLineCapacity):
1181         (JSC::Structure::totalStorageCapacity):
1182
1183 2013-01-29  Geoffrey Garen  <ggaren@apple.com>
1184
1185         Be a little more conservative about emitting table-based switches
1186         https://bugs.webkit.org/show_bug.cgi?id=108292
1187
1188         Reviewed by Filip Pizlo.
1189
1190         Profiling shows we're using op_switch in cases where it's a regression.
1191
1192         * bytecompiler/NodesCodegen.cpp:
1193         (JSC):
1194         (JSC::length):
1195         (JSC::CaseBlockNode::tryTableSwitch):
1196         (JSC::CaseBlockNode::emitBytecodeForBlock):
1197         * parser/Nodes.h:
1198         (CaseBlockNode):
1199
1200 2013-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>
1201
1202         Unreviewed, rolling out r140983.
1203         http://trac.webkit.org/changeset/140983
1204         https://bugs.webkit.org/show_bug.cgi?id=108277
1205
1206         Unfortunately, this API has one last client (Requested by
1207         abarth on #webkit).
1208
1209         * Configurations/FeatureDefines.xcconfig:
1210
1211 2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1212
1213         Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
1214         https://bugs.webkit.org/show_bug.cgi?id=107839
1215
1216         Reviewed by Geoffrey Garen.
1217
1218         Fixing several ASSERTs that were incorrect along with some of the reallocation of m_prototype and 
1219         m_constructor that they were based on.
1220
1221         * API/JSWrapperMap.mm:
1222         (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]): We now only allocate those
1223         fields that are null (i.e. have been collected or have never been allocated to begin with).
1224         (-[JSObjCClassInfo reallocateConstructorAndOrPrototype]): Renamed to better indicate that we're 
1225         reallocating one or both of the prototype/constructor combo.
1226         (-[JSObjCClassInfo wrapperForObject:]): Call new reallocate function.
1227         (-[JSObjCClassInfo constructor]): Ditto.
1228
1229 2013-01-29  Geoffrey Garen  <ggaren@apple.com>
1230
1231         Make precise size classes more precise
1232         https://bugs.webkit.org/show_bug.cgi?id=108270
1233
1234         Reviewed by Mark Hahnenberg.
1235
1236         Size inference makes this profitable.
1237
1238         I chose 8 byte increments because JSString is 24 bytes. Otherwise, 16
1239         byte increments might be better.
1240
1241         * heap/Heap.h:
1242         (Heap): Removed firstAllocatorWithoutDestructors because it's unused now.
1243
1244         * heap/MarkedBlock.h:
1245         (MarkedBlock): Updated constants.
1246
1247         * heap/MarkedSpace.h:
1248         (MarkedSpace):
1249         (JSC): Also reduced the maximum precise size class because my testing
1250         has shown that the smaller size classes are much more common. This
1251         offsets some of the size class explosion caused by reducing the precise
1252         increment.
1253
1254         * llint/LLIntData.cpp:
1255         (JSC::LLInt::Data::performAssertions): No need for this ASSERT anymore
1256         because we don't rely on firstAllocatorWithoutDestructors anymore, since
1257         we pick size classes dynamically now.
1258
1259 2013-01-29  Oliver Hunt  <oliver@apple.com>
1260
1261         Add some hardening to methodTable()
1262         https://bugs.webkit.org/show_bug.cgi?id=108253
1263
1264         Reviewed by Mark Hahnenberg.
1265
1266         When accessing methodTable() we now always make sure that our
1267         structure _could_ be valid.  Added a separate method to get a
1268         class's methodTable during destruction as it's not possible to
1269         validate the structure at that point.  This separation might
1270         also make it possible to improve the performance of methodTable
1271         access more generally in future.
1272
1273         * heap/MarkedBlock.cpp:
1274         (JSC::MarkedBlock::callDestructor):
1275         * runtime/JSCell.h:
1276         (JSCell):
1277         * runtime/JSCellInlines.h:
1278         (JSC::JSCell::methodTableForDestruction):
1279         (JSC):
1280         (JSC::JSCell::methodTable):
1281
1282 2013-01-29  Filip Pizlo  <fpizlo@apple.com>
1283
1284         offlineasm BaseIndex handling is broken on ARM due to MIPS changes
1285         https://bugs.webkit.org/show_bug.cgi?id=108261
1286
1287         Reviewed by Oliver Hunt.
1288         
1289         Backends shouldn't override each other's methods. That's not cool.
1290
1291         * offlineasm/mips.rb:
1292
1293 2013-01-29  Filip Pizlo  <fpizlo@apple.com>
1294
1295         cloop.rb shouldn't use a method called 'dump' for code generation
1296         https://bugs.webkit.org/show_bug.cgi?id=108251
1297
1298         Reviewed by Mark Hahnenberg.
1299         
1300         Revert http://trac.webkit.org/changeset/141178 and rename 'dump' to 'clDump'.
1301         
1302         Also made trivial build fixes for !ENABLE(JIT).
1303
1304         * offlineasm/cloop.rb:
1305         * runtime/Executable.h:
1306         (ExecutableBase):
1307         (JSC::ExecutableBase::intrinsicFor):
1308         * runtime/JSGlobalData.h:
1309
1310 2013-01-29  Geoffrey Garen  <ggaren@apple.com>
1311
1312         Removed GGC because it has been disabled for a long time
1313         https://bugs.webkit.org/show_bug.cgi?id=108245
1314
1315         Reviewed by Filip Pizlo.
1316
1317         * GNUmakefile.list.am:
1318         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
1319         * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
1320         * JavaScriptCore.xcodeproj/project.pbxproj:
1321         * dfg/DFGRepatch.cpp:
1322         (JSC::DFG::emitPutReplaceStub):
1323         (JSC::DFG::emitPutTransitionStub):
1324         * dfg/DFGSpeculativeJIT.cpp:
1325         (JSC::DFG::SpeculativeJIT::writeBarrier):
1326         * dfg/DFGSpeculativeJIT.h:
1327         (SpeculativeJIT):
1328         * dfg/DFGSpeculativeJIT32_64.cpp:
1329         (JSC::DFG::SpeculativeJIT::compile):
1330         * dfg/DFGSpeculativeJIT64.cpp:
1331         (JSC::DFG::SpeculativeJIT::compile):
1332         * heap/CardSet.h: Removed.
1333         * heap/Heap.cpp:
1334         (JSC::Heap::markRoots):
1335         (JSC::Heap::collect):
1336         * heap/Heap.h:
1337         (Heap):
1338         (JSC::Heap::shouldCollect):
1339         (JSC::Heap::isWriteBarrierEnabled):
1340         (JSC):
1341         (JSC::Heap::writeBarrier):
1342         * heap/MarkedBlock.h:
1343         (MarkedBlock):
1344         (JSC):
1345         * heap/MarkedSpace.cpp:
1346         (JSC):
1347         * jit/JITPropertyAccess.cpp:
1348         (JSC::JIT::emitWriteBarrier):
1349
1350 2013-01-29  Filip Pizlo  <fpizlo@apple.com>
1351
1352         Remove redundant AST dump methods from cloop.rb, since they are already defined in ast.rb
1353         https://bugs.webkit.org/show_bug.cgi?id=108247
1354
1355         Reviewed by Oliver Hunt.
1356         
1357         Makes offlineasm dumping easier to read and less likely to cause assertion failures.
1358         Also fixes the strange situation where cloop.rb and ast.rb both defined dump methods,
1359         but cloop.rb was winning.
1360
1361         * offlineasm/cloop.rb:
1362
1363 2013-01-29  Mark Hahnenberg  <mhahnenberg@apple.com>
1364
1365         Objective-C API: JSObjCClassInfo creates reference cycle with JSContext
1366         https://bugs.webkit.org/show_bug.cgi?id=107839
1367
1368         Reviewed by Oliver Hunt.
1369
1370         JSContext has a JSWrapperMap, which has an NSMutableDictionary m_classMap, which has values that 
1371         are JSObjCClassInfo objects, which have strong references to two JSValue *'s, m_prototype and 
1372         m_constructor, which in turn have strong references to the JSContext, creating a reference cycle. 
1373         We should make m_prototype and m_constructor Weak<JSObject>. This gets rid of the strong reference 
1374         to the JSContext and also prevents clients from accidentally creating reference cycles by assigning 
1375         to the prototype of the constructor. If Weak<JSObject> fields are ever garbage collected, we will 
1376         reallocate them.
1377
1378         * API/JSContext.mm:
1379         (-[JSContext wrapperMap]):
1380         * API/JSContextInternal.h:
1381         * API/JSWrapperMap.mm:
1382         (-[JSObjCClassInfo initWithContext:forClass:superClassInfo:]):
1383         (-[JSObjCClassInfo dealloc]):
1384         (-[JSObjCClassInfo allocateConstructorAndPrototypeWithSuperClassInfo:]):
1385         (-[JSObjCClassInfo allocateConstructorAndPrototype]):
1386         (-[JSObjCClassInfo wrapperForObject:]):
1387         (-[JSObjCClassInfo constructor]):
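
        The cycle described in this entry, and the way a weak reference breaks it, as an added
        example that is not WebKit code. It uses std::shared_ptr as a stand-in for the Objective-C
        strong references and std::weak_ptr as a stand-in for JSC's Weak<JSObject>; the names
        (Context, Heap, Object, Value, StrongClassInfo, WeakClassInfo) are hypothetical.

```cpp
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Context;

// GC cell: owned by the heap and ignorant of the context wrapper.
struct Object { int id; };

// Stand-in for the GC heap: the only strong owner of cells. collect() simulates a
// collection that frees every cell nothing else holds strongly.
struct Heap {
    std::vector<std::shared_ptr<Object>> cells;
    int nextId = 0;
    std::shared_ptr<Object> allocate()
    {
        cells.push_back(std::make_shared<Object>(Object{nextId++}));
        return cells.back();
    }
    void collect() { cells.clear(); }
};

// Wrapper value: retains its context, as the JSValue wrappers in the entry do.
struct Value {
    std::shared_ptr<Context> context;
    std::shared_ptr<Object> object;
};

// The bug: class info holds strong references to wrapper values, and each wrapper
// holds the context. Context -> map -> info -> Value -> Context never releases.
struct StrongClassInfo {
    std::shared_ptr<Value> prototype;
    std::shared_ptr<Value> constructor;
};

// The fix: class info holds weak references straight to the GC cells, so there is
// no path back to the context. If the cells were collected, allocate them again.
struct WeakClassInfo {
    std::weak_ptr<Object> prototype;
    std::weak_ptr<Object> constructor;
    int allocations = 0;

    std::shared_ptr<Object> prototypeFor(Heap& heap)
    {
        if (auto live = prototype.lock())
            return live;                 // still alive: reuse it
        auto fresh = heap.allocate();    // collected (or never made): reallocate
        prototype = fresh;
        ++allocations;
        return fresh;
    }
};

struct Context {
    Heap heap;
    std::map<std::string, StrongClassInfo> strongClassMap;
    std::map<std::string, WeakClassInfo> weakClassMap;
};

// Build a context whose class map uses strong wrapper references, drop our own
// reference, and report whether the context was actually freed (it is not).
bool contextFreedWithStrongClassInfo()
{
    std::weak_ptr<Context> observer;
    {
        auto ctx = std::make_shared<Context>();
        observer = ctx;
        StrongClassInfo info;
        info.prototype = std::make_shared<Value>(Value{ctx, ctx->heap.allocate()});
        info.constructor = std::make_shared<Value>(Value{ctx, ctx->heap.allocate()});
        ctx->strongClassMap["MyClass"] = info;
    } // ctx goes out of scope, but the cycle keeps the Context alive
    bool freed = observer.expired();
    if (auto leaked = observer.lock())
        leaked->strongClassMap.clear(); // break the cycle by hand so this example does not leak
    return freed;
}

// Same scenario with weak class info: the context is released as soon as the
// last outside reference goes away.
bool contextFreedWithWeakClassInfo()
{
    std::weak_ptr<Context> observer;
    {
        auto ctx = std::make_shared<Context>();
        observer = ctx;
        WeakClassInfo info;
        info.prototype = ctx->heap.allocate();
        info.constructor = ctx->heap.allocate();
        ctx->weakClassMap["MyClass"] = info;
    }
    return observer.expired();
}

// After a collection the weak reference is dead; the class info reallocates
// instead of handing out a dangling cell. Returns the total allocations made.
int allocationsAfterCollection()
{
    Context ctx;
    WeakClassInfo& info = ctx.weakClassMap["MyClass"];
    auto first = info.prototypeFor(ctx.heap); // first use: allocates
    first.reset();                            // drop our strong ref; only the heap holds it
    ctx.heap.collect();                       // simulated GC frees the cell
    auto second = info.prototypeFor(ctx.heap); // weak ref expired: allocates again
    return info.allocations;
}
```

        The point the entry makes about clients "accidentally creating reference cycles by assigning
        to the prototype of the constructor" follows from the same shape: once the class info only
        holds weak references into the heap, no assignment reachable from it can retain the context.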
1388
1389 2013-01-29  Oliver Hunt  <oliver@apple.com>
1390
1391         REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute
1392         https://bugs.webkit.org/show_bug.cgi?id=108097
1393
1394         Reviewed by Geoffrey Garen.
1395
1396         LiteralParser was accepting a bogus 'var a.b = c' statement
1397
1398         * runtime/LiteralParser.cpp:
1399         (JSC::::tryJSONPParse):
1400
1401 2013-01-29  Oliver Hunt  <oliver@apple.com>
1402
1403         Force debug builds to do bounds checks on contiguous property storage
1404         https://bugs.webkit.org/show_bug.cgi?id=108212
1405
1406         Reviewed by Mark Hahnenberg.
1407
1408         Add a ContiguousData type that we use to represent contiguous property
1409         storage.  In release builds it is simply a pointer to the correct type,
1410         but in debug builds it also carries the data length and performs bounds
1411         checks.  This means we don't have to add as many manual bounds assertions
1412         when performing operations over contiguous data.
1413
1414         * dfg/DFGOperations.cpp:
1415         * runtime/ArrayStorage.h:
1416         (ArrayStorage):
1417         (JSC::ArrayStorage::vector):
1418         * runtime/Butterfly.h:
1419         (JSC::ContiguousData::ContiguousData):
1420         (ContiguousData):
1421         (JSC::ContiguousData::operator[]):
1422         (JSC::ContiguousData::data):
1423         (JSC::ContiguousData::length):
1424         (JSC):
1425         (JSC::Butterfly::contiguousInt32):
1426         (Butterfly):
1427         (JSC::Butterfly::contiguousDouble):
1428         (JSC::Butterfly::contiguous):
1429         * runtime/JSArray.cpp:
1430         (JSC::JSArray::sortNumericVector):
1431         (ContiguousTypeAccessor):
1432         (JSC::ContiguousTypeAccessor::getAsValue):
1433         (JSC::ContiguousTypeAccessor::setWithValue):
1434         (JSC::ContiguousTypeAccessor::replaceDataReference):
1435         (JSC):
1436         (JSC::JSArray::sortCompactedVector):
1437         (JSC::JSArray::sort):
1438         (JSC::JSArray::fillArgList):
1439         (JSC::JSArray::copyToArguments):
1440         * runtime/JSArray.h:
1441         (JSArray):
1442         * runtime/JSObject.cpp:
1443         (JSC::JSObject::copyButterfly):
1444         (JSC::JSObject::visitButterfly):
1445         (JSC::JSObject::createInitialInt32):
1446         (JSC::JSObject::createInitialDouble):
1447         (JSC::JSObject::createInitialContiguous):
1448         (JSC::JSObject::convertUndecidedToInt32):
1449         (JSC::JSObject::convertUndecidedToDouble):
1450         (JSC::JSObject::convertUndecidedToContiguous):
1451         (JSC::JSObject::convertInt32ToDouble):
1452         (JSC::JSObject::convertInt32ToContiguous):
1453         (JSC::JSObject::genericConvertDoubleToContiguous):
1454         (JSC::JSObject::convertDoubleToContiguous):
1455         (JSC::JSObject::rageConvertDoubleToContiguous):
1456         (JSC::JSObject::ensureInt32Slow):
1457         (JSC::JSObject::ensureDoubleSlow):
1458         (JSC::JSObject::ensureContiguousSlow):
1459         (JSC::JSObject::rageEnsureContiguousSlow):
1460         (JSC::JSObject::ensureLengthSlow):
1461         * runtime/JSObject.h:
1462         (JSC::JSObject::ensureInt32):
1463         (JSC::JSObject::ensureDouble):
1464         (JSC::JSObject::ensureContiguous):
1465         (JSC::JSObject::rageEnsureContiguous):
1466         (JSObject):
1467         (JSC::JSObject::indexingData):
1468         (JSC::JSObject::currentIndexingData):
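
        The two shapes of the wrapper this entry describes (a bare typed pointer in release, a
        pointer plus length with a checked operator[] in debug), as an added example that is not
        WebKit's ContiguousData. The variant is selected by a template flag rather than by the
        build type so both can sit in one program; the names (ContiguousView, sumFirst) are
        hypothetical, and the checked variant throws where a debug build would assert.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

template <typename T, bool kBoundsChecked>
class ContiguousView;

// Release shape: just a typed pointer. Indexing compiles to raw pointer arithmetic.
template <typename T>
class ContiguousView<T, false> {
public:
    ContiguousView(T* data, std::size_t /*length*/) : m_data(data) { }
    T& operator[](std::size_t i) const { return m_data[i]; }
    T* data() const { return m_data; }
private:
    T* m_data;
};

// Debug shape: also carries the length and checks every index, reads and writes
// alike, because operator[] is the only way through to the storage.
template <typename T>
class ContiguousView<T, true> {
public:
    ContiguousView(T* data, std::size_t length) : m_data(data), m_length(length) { }
    T& operator[](std::size_t i) const
    {
        if (i >= m_length)
            throw std::out_of_range("ContiguousView: index past end of storage");
        return m_data[i];
    }
    T* data() const { return m_data; }
    std::size_t length() const { return m_length; }
private:
    T* m_data;
    std::size_t m_length;
};

// The release shape costs nothing over the raw pointer it replaces.
static_assert(sizeof(ContiguousView<int, false>) == sizeof(int*),
              "unchecked view must stay pointer-sized");

// Code over contiguous data is written once against the view type; whether an
// access is verified depends only on which variant was handed in.
template <typename View>
long sumFirst(const View& view, std::size_t count)
{
    long total = 0;
    for (std::size_t i = 0; i < count; ++i)
        total += view[i];
    return total;
}

// Returns true when the checked view rejects a read one element past the end.
// The same loop over the unchecked view would silently read out of bounds.
bool checkedViewRejectsOverrun()
{
    std::vector<int> storage = {1, 2, 3, 4}; // constructed sample data
    ContiguousView<int, true> view(storage.data(), storage.size());
    try {
        (void)sumFirst(view, storage.size() + 1);
    } catch (const std::out_of_range&) {
        return true;
    }
    return false;
}

// In-bounds use through either variant gives the same result.
long sumThroughUncheckedView()
{
    std::vector<int> storage = {1, 2, 3, 4};
    ContiguousView<int, false> view(storage.data(), storage.size());
    return sumFirst(view, storage.size());
}

long sumThroughCheckedView()
{
    std::vector<int> storage = {1, 2, 3, 4};
    ContiguousView<int, true> view(storage.data(), storage.size());
    return sumFirst(view, storage.size());
}
```

        Keying the variant on the build type instead (for example on NDEBUG) gives the arrangement
        the entry describes: release code pays nothing, and debug builds catch an overrun at the
        access that commits it rather than at whatever corrupts later.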
1469
1470 2013-01-29  Brent Fulgham  <bfulgham@webkit.org>
1471
1472         [Windows, WinCairo] Unreviewed build fix after r141050
1473
1474         * JavaScriptCore.vcxproj/JavaScriptCoreExports.def: Update symbols
1475         to match JavaScriptCore.vcproj version.
1476
1477 2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>
1478
1479         [Qt] Implement GCActivityCallback
1480         https://bugs.webkit.org/show_bug.cgi?id=103998
1481
1482         Reviewed by Simon Hausmann.
1483
1484         Implements the activity triggered garbage collector.
1485
1486         * runtime/GCActivityCallback.cpp:
1487         (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
1488         (JSC::DefaultGCActivityCallback::scheduleTimer):
1489         (JSC::DefaultGCActivityCallback::cancelTimer):
1490         * runtime/GCActivityCallback.h:
1491         (GCActivityCallback):
1492         (DefaultGCActivityCallback):
1493
1494 2013-01-29  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
1495
1496         Compilation warning in JSC
1497         https://bugs.webkit.org/show_bug.cgi?id=108178
1498
1499         Reviewed by Kentaro Hara.
1500
1501         Fixed 'comparison between signed and unsigned integer' warning in JSC::Structure constructor.
1502
1503         * runtime/Structure.cpp:
1504         (JSC::Structure::Structure):
1505
1506 2013-01-29  Jocelyn Turcotte  <jocelyn.turcotte@digia.com>
1507
1508         [Qt] Fix the JSC build on Mac
1509
1510         Unreviewed, build fix.
1511
1512         * heap/HeapTimer.h:
1513         Qt on Mac has USE(CF) true, and should use the CF HeapTimer in that case.
1514
1515 2013-01-29  Allan Sandfeld Jensen  <allan.jensen@digia.com>
1516
1517         [Qt] Implement IncrementalSweeper and HeapTimer
1518         https://bugs.webkit.org/show_bug.cgi?id=103996
1519
1520         Reviewed by Simon Hausmann.
1521
1522         Implements the incremental sweeping garbage collection for the Qt platform.
1523
1524         * heap/HeapTimer.cpp:
1525         (JSC::HeapTimer::HeapTimer):
1526         (JSC::HeapTimer::~HeapTimer):
1527         (JSC::HeapTimer::timerEvent):
1528         (JSC::HeapTimer::synchronize):
1529         (JSC::HeapTimer::invalidate):
1530         (JSC::HeapTimer::didStartVMShutdown):
1531         * heap/HeapTimer.h:
1532         (HeapTimer):
1533         * heap/IncrementalSweeper.cpp:
1534         (JSC::IncrementalSweeper::IncrementalSweeper):
1535         (JSC::IncrementalSweeper::scheduleTimer):
1536         * heap/IncrementalSweeper.h:
1537         (IncrementalSweeper):
1538
1539 2013-01-28  Filip Pizlo  <fpizlo@apple.com>
1540
1541         DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
1542         https://bugs.webkit.org/show_bug.cgi?id=106868
1543
1544         Reviewed by Oliver Hunt.
1545         
1546         This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
1547         uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
1548         for debugging (Node::index(), which is not guaranteed to be O(1)).
1549         
1550         1% speed-up on SunSpider, presumably because this improves compile times.
1551
1552         * CMakeLists.txt:
1553         * GNUmakefile.list.am:
1554         * JavaScriptCore.xcodeproj/project.pbxproj:
1555         * Target.pri:
1556         * bytecode/DataFormat.h:
1557         (JSC::dataFormatToString):
1558         * dfg/DFGAbstractState.cpp:
1559         (JSC::DFG::AbstractState::initialize):
1560         (JSC::DFG::AbstractState::booleanResult):
1561         (JSC::DFG::AbstractState::execute):
1562         (JSC::DFG::AbstractState::mergeStateAtTail):
1563         (JSC::DFG::AbstractState::mergeToSuccessors):
1564         (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
1565         (JSC::DFG::AbstractState::dump):
1566         * dfg/DFGAbstractState.h:
1567         (DFG):
1568         (JSC::DFG::AbstractState::forNode):
1569         (AbstractState):
1570         (JSC::DFG::AbstractState::speculateInt32Unary):
1571         (JSC::DFG::AbstractState::speculateNumberUnary):
1572         (JSC::DFG::AbstractState::speculateBooleanUnary):
1573         (JSC::DFG::AbstractState::speculateInt32Binary):
1574         (JSC::DFG::AbstractState::speculateNumberBinary):
1575         (JSC::DFG::AbstractState::trySetConstant):
1576         * dfg/DFGAbstractValue.h:
1577         (AbstractValue):
1578         * dfg/DFGAdjacencyList.h:
1579         (JSC::DFG::AdjacencyList::AdjacencyList):
1580         (JSC::DFG::AdjacencyList::initialize):
1581         * dfg/DFGAllocator.h: Added.
1582         (DFG):
1583         (Allocator):
1584         (JSC::DFG::Allocator::Region::size):
1585         (JSC::DFG::Allocator::Region::headerSize):
1586         (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
1587         (JSC::DFG::Allocator::Region::data):
1588         (JSC::DFG::Allocator::Region::isInThisRegion):
1589         (JSC::DFG::Allocator::Region::regionFor):
1590         (Region):
1591         (JSC::DFG::::Allocator):
1592         (JSC::DFG::::~Allocator):
1593         (JSC::DFG::::allocate):
1594         (JSC::DFG::::free):
1595         (JSC::DFG::::freeAll):
1596         (JSC::DFG::::reset):
1597         (JSC::DFG::::indexOf):
1598         (JSC::DFG::::allocatorOf):
1599         (JSC::DFG::::bumpAllocate):
1600         (JSC::DFG::::freeListAllocate):
1601         (JSC::DFG::::allocateSlow):
1602         (JSC::DFG::::freeRegionsStartingAt):
1603         (JSC::DFG::::startBumpingIn):
1604         * dfg/DFGArgumentsSimplificationPhase.cpp:
1605         (JSC::DFG::ArgumentsSimplificationPhase::run):
1606         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
1607         (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
1608         (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
1609         (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
1610         (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
1611         * dfg/DFGArrayMode.cpp:
1612         (JSC::DFG::ArrayMode::originalArrayStructure):
1613         (JSC::DFG::ArrayMode::alreadyChecked):
1614         * dfg/DFGArrayMode.h:
1615         (ArrayMode):
1616         * dfg/DFGArrayifySlowPathGenerator.h:
1617         (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
1618         * dfg/DFGBasicBlock.h:
1619         (JSC::DFG::BasicBlock::node):
1620         (JSC::DFG::BasicBlock::isInPhis):
1621         (JSC::DFG::BasicBlock::isInBlock):
1622         (BasicBlock):
1623         * dfg/DFGBasicBlockInlines.h:
1624         (DFG):
1625         * dfg/DFGByteCodeParser.cpp:
1626         (ByteCodeParser):
1627         (JSC::DFG::ByteCodeParser::getDirect):
1628         (JSC::DFG::ByteCodeParser::get):
1629         (JSC::DFG::ByteCodeParser::setDirect):
1630         (JSC::DFG::ByteCodeParser::set):
1631         (JSC::DFG::ByteCodeParser::setPair):
1632         (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
1633         (JSC::DFG::ByteCodeParser::getLocal):
1634         (JSC::DFG::ByteCodeParser::setLocal):
1635         (JSC::DFG::ByteCodeParser::getArgument):
1636         (JSC::DFG::ByteCodeParser::setArgument):
1637         (JSC::DFG::ByteCodeParser::flushDirect):
1638         (JSC::DFG::ByteCodeParser::getToInt32):
1639         (JSC::DFG::ByteCodeParser::toInt32):
1640         (JSC::DFG::ByteCodeParser::getJSConstantForValue):
1641         (JSC::DFG::ByteCodeParser::getJSConstant):
1642         (JSC::DFG::ByteCodeParser::getCallee):
1643         (JSC::DFG::ByteCodeParser::getThis):
1644         (JSC::DFG::ByteCodeParser::setThis):
1645         (JSC::DFG::ByteCodeParser::isJSConstant):
1646         (JSC::DFG::ByteCodeParser::isInt32Constant):
1647         (JSC::DFG::ByteCodeParser::valueOfJSConstant):
1648         (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
1649         (JSC::DFG::ByteCodeParser::constantUndefined):
1650         (JSC::DFG::ByteCodeParser::constantNull):
1651         (JSC::DFG::ByteCodeParser::one):
1652         (JSC::DFG::ByteCodeParser::constantNaN):
1653         (JSC::DFG::ByteCodeParser::cellConstant):
1654         (JSC::DFG::ByteCodeParser::addToGraph):
1655         (JSC::DFG::ByteCodeParser::insertPhiNode):
1656         (JSC::DFG::ByteCodeParser::addVarArgChild):
1657         (JSC::DFG::ByteCodeParser::addCall):
1658         (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
1659         (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
1660         (JSC::DFG::ByteCodeParser::getPrediction):
1661         (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
1662         (JSC::DFG::ByteCodeParser::makeSafe):
1663         (JSC::DFG::ByteCodeParser::makeDivSafe):
1664         (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
1665         (ConstantRecord):
1666         (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
1667         (PhiStackEntry):
1668         (JSC::DFG::ByteCodeParser::handleCall):
1669         (JSC::DFG::ByteCodeParser::emitFunctionChecks):
1670         (JSC::DFG::ByteCodeParser::handleInlining):
1671         (JSC::DFG::ByteCodeParser::setIntrinsicResult):
1672         (JSC::DFG::ByteCodeParser::handleMinMax):
1673         (JSC::DFG::ByteCodeParser::handleIntrinsic):
1674         (JSC::DFG::ByteCodeParser::handleGetByOffset):
1675         (JSC::DFG::ByteCodeParser::handleGetById):
1676         (JSC::DFG::ByteCodeParser::getScope):
1677         (JSC::DFG::ByteCodeParser::parseResolveOperations):
1678         (JSC::DFG::ByteCodeParser::parseBlock):
1679         (JSC::DFG::ByteCodeParser::processPhiStack):
1680         (JSC::DFG::ByteCodeParser::linkBlock):
1681         (JSC::DFG::ByteCodeParser::parseCodeBlock):
1682         (JSC::DFG::ByteCodeParser::parse):
1683         * dfg/DFGCFAPhase.cpp:
1684         (JSC::DFG::CFAPhase::performBlockCFA):
1685         * dfg/DFGCFGSimplificationPhase.cpp:
1686         (JSC::DFG::CFGSimplificationPhase::run):
1687         (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
1688         (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
1689         (JSC::DFG::CFGSimplificationPhase::fixPhis):
1690         (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
1691         (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
1692         (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
1693         (OperandSubstitution):
1694         (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
1695         (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
1696         (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
1697         (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
1698         * dfg/DFGCSEPhase.cpp:
1699         (JSC::DFG::CSEPhase::canonicalize):
1700         (JSC::DFG::CSEPhase::endIndexForPureCSE):
1701         (JSC::DFG::CSEPhase::pureCSE):
1702         (JSC::DFG::CSEPhase::constantCSE):
1703         (JSC::DFG::CSEPhase::weakConstantCSE):
1704         (JSC::DFG::CSEPhase::getCalleeLoadElimination):
1705         (JSC::DFG::CSEPhase::getArrayLengthElimination):
1706         (JSC::DFG::CSEPhase::globalVarLoadElimination):
1707         (JSC::DFG::CSEPhase::scopedVarLoadElimination):
1708         (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
1709         (JSC::DFG::CSEPhase::globalVarStoreElimination):
1710         (JSC::DFG::CSEPhase::scopedVarStoreElimination):
1711         (JSC::DFG::CSEPhase::getByValLoadElimination):
1712         (JSC::DFG::CSEPhase::checkFunctionElimination):
1713         (JSC::DFG::CSEPhase::checkExecutableElimination):
1714         (JSC::DFG::CSEPhase::checkStructureElimination):
1715         (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
1716         (JSC::DFG::CSEPhase::putStructureStoreElimination):
1717         (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
1718         (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
1719         (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
1720         (JSC::DFG::CSEPhase::checkArrayElimination):
1721         (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
1722         (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
1723         (JSC::DFG::CSEPhase::getLocalLoadElimination):
1724         (JSC::DFG::CSEPhase::setLocalStoreElimination):
1725         (JSC::DFG::CSEPhase::performSubstitution):
1726         (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
1727         (JSC::DFG::CSEPhase::setReplacement):
1728         (JSC::DFG::CSEPhase::eliminate):
1729         (JSC::DFG::CSEPhase::performNodeCSE):
1730         (JSC::DFG::CSEPhase::performBlockCSE):
1731         (CSEPhase):
1732         * dfg/DFGCommon.cpp: Added.
1733         (DFG):
1734         (JSC::DFG::NodePointerTraits::dump):
1735         * dfg/DFGCommon.h:
1736         (DFG):
1737         (JSC::DFG::NodePointerTraits::defaultValue):
1738         (NodePointerTraits):
1739         (JSC::DFG::verboseCompilationEnabled):
1740         (JSC::DFG::shouldDumpGraphAtEachPhase):
1741         (JSC::DFG::validationEnabled):
1742         * dfg/DFGConstantFoldingPhase.cpp:
1743         (JSC::DFG::ConstantFoldingPhase::foldConstants):
1744         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
1745         (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
1746         (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
1747         * dfg/DFGDisassembler.cpp:
1748         (JSC::DFG::Disassembler::Disassembler):
1749         (JSC::DFG::Disassembler::createDumpList):
1750         (JSC::DFG::Disassembler::dumpDisassembly):
1751         * dfg/DFGDisassembler.h:
1752         (JSC::DFG::Disassembler::setForNode):
1753         (Disassembler):
1754         * dfg/DFGDriver.cpp:
1755         (JSC::DFG::compile):
1756         * dfg/DFGEdge.cpp: Added.
1757         (DFG):
1758         (JSC::DFG::Edge::dump):
1759         * dfg/DFGEdge.h:
1760         (JSC::DFG::Edge::Edge):
1761         (JSC::DFG::Edge::node):
1762         (JSC::DFG::Edge::operator*):
1763         (JSC::DFG::Edge::operator->):
1764         (Edge):
1765         (JSC::DFG::Edge::setNode):
1766         (JSC::DFG::Edge::useKind):
1767         (JSC::DFG::Edge::setUseKind):
1768         (JSC::DFG::Edge::isSet):
1769         (JSC::DFG::Edge::shift):
1770         (JSC::DFG::Edge::makeWord):
1771         (JSC::DFG::operator==):
1772         (JSC::DFG::operator!=):
1773         * dfg/DFGFixupPhase.cpp:
1774         (JSC::DFG::FixupPhase::fixupBlock):
1775         (JSC::DFG::FixupPhase::fixupNode):
1776         (JSC::DFG::FixupPhase::checkArray):
1777         (JSC::DFG::FixupPhase::blessArrayOperation):
1778         (JSC::DFG::FixupPhase::fixIntEdge):
1779         (JSC::DFG::FixupPhase::fixDoubleEdge):
1780         (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
1781         (FixupPhase):
1782         * dfg/DFGGenerationInfo.h:
1783         (JSC::DFG::GenerationInfo::GenerationInfo):
1784         (JSC::DFG::GenerationInfo::initConstant):
1785         (JSC::DFG::GenerationInfo::initInteger):
1786         (JSC::DFG::GenerationInfo::initJSValue):
1787         (JSC::DFG::GenerationInfo::initCell):
1788         (JSC::DFG::GenerationInfo::initBoolean):
1789         (JSC::DFG::GenerationInfo::initDouble):
1790         (JSC::DFG::GenerationInfo::initStorage):
1791         (GenerationInfo):
1792         (JSC::DFG::GenerationInfo::node):
1793         (JSC::DFG::GenerationInfo::noticeOSRBirth):
1794         (JSC::DFG::GenerationInfo::use):
1795         (JSC::DFG::GenerationInfo::appendFill):
1796         (JSC::DFG::GenerationInfo::appendSpill):
1797         * dfg/DFGGraph.cpp:
1798         (JSC::DFG::Graph::Graph):
1799         (JSC::DFG::Graph::~Graph):
1800         (DFG):
1801         (JSC::DFG::Graph::dumpCodeOrigin):
1802         (JSC::DFG::Graph::amountOfNodeWhiteSpace):
1803         (JSC::DFG::Graph::printNodeWhiteSpace):
1804         (JSC::DFG::Graph::dump):
1805         (JSC::DFG::Graph::dumpBlockHeader):
1806         (JSC::DFG::Graph::refChildren):
1807         (JSC::DFG::Graph::derefChildren):
1808         (JSC::DFG::Graph::predictArgumentTypes):
1809         (JSC::DFG::Graph::collectGarbage):
1810         (JSC::DFG::Graph::determineReachability):
1811         (JSC::DFG::Graph::resetExitStates):
1812         * dfg/DFGGraph.h:
1813         (Graph):
1814         (JSC::DFG::Graph::ref):
1815         (JSC::DFG::Graph::deref):
1816         (JSC::DFG::Graph::changeChild):
1817         (JSC::DFG::Graph::compareAndSwap):
1818         (JSC::DFG::Graph::clearAndDerefChild):
1819         (JSC::DFG::Graph::clearAndDerefChild1):
1820         (JSC::DFG::Graph::clearAndDerefChild2):
1821         (JSC::DFG::Graph::clearAndDerefChild3):
1822         (JSC::DFG::Graph::convertToConstant):
1823         (JSC::DFG::Graph::getJSConstantSpeculation):
1824         (JSC::DFG::Graph::addSpeculationMode):
1825         (JSC::DFG::Graph::valueAddSpeculationMode):
1826         (JSC::DFG::Graph::arithAddSpeculationMode):
1827         (JSC::DFG::Graph::addShouldSpeculateInteger):
1828         (JSC::DFG::Graph::mulShouldSpeculateInteger):
1829         (JSC::DFG::Graph::negateShouldSpeculateInteger):
1830         (JSC::DFG::Graph::isConstant):
1831         (JSC::DFG::Graph::isJSConstant):
1832         (JSC::DFG::Graph::isInt32Constant):
1833         (JSC::DFG::Graph::isDoubleConstant):
1834         (JSC::DFG::Graph::isNumberConstant):
1835         (JSC::DFG::Graph::isBooleanConstant):
1836         (JSC::DFG::Graph::isCellConstant):
1837         (JSC::DFG::Graph::isFunctionConstant):
1838         (JSC::DFG::Graph::isInternalFunctionConstant):
1839         (JSC::DFG::Graph::valueOfJSConstant):
1840         (JSC::DFG::Graph::valueOfInt32Constant):
1841         (JSC::DFG::Graph::valueOfNumberConstant):
1842         (JSC::DFG::Graph::valueOfBooleanConstant):
1843         (JSC::DFG::Graph::valueOfFunctionConstant):
1844         (JSC::DFG::Graph::valueProfileFor):
1845         (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
1846         (JSC::DFG::Graph::numSuccessors):
1847         (JSC::DFG::Graph::successor):
1848         (JSC::DFG::Graph::successorForCondition):
1849         (JSC::DFG::Graph::isPredictedNumerical):
1850         (JSC::DFG::Graph::byValIsPure):
1851         (JSC::DFG::Graph::clobbersWorld):
1852         (JSC::DFG::Graph::varArgNumChildren):
1853         (JSC::DFG::Graph::numChildren):
1854         (JSC::DFG::Graph::varArgChild):
1855         (JSC::DFG::Graph::child):
1856         (JSC::DFG::Graph::voteNode):
1857         (JSC::DFG::Graph::voteChildren):
1858         (JSC::DFG::Graph::substitute):
1859         (JSC::DFG::Graph::substituteGetLocal):
1860         (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
1861         (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
1862         * dfg/DFGInsertionSet.h:
1863         (JSC::DFG::Insertion::Insertion):
1864         (JSC::DFG::Insertion::element):
1865         (Insertion):
1866         (JSC::DFG::InsertionSet::insert):
1867         (InsertionSet):
1868         * dfg/DFGJITCompiler.cpp:
1869         * dfg/DFGJITCompiler.h:
1870         (JSC::DFG::JITCompiler::setForNode):
1871         (JSC::DFG::JITCompiler::addressOfDoubleConstant):
1872         (JSC::DFG::JITCompiler::noticeOSREntry):
1873         * dfg/DFGLongLivedState.cpp: Added.
1874         (DFG):
1875         (JSC::DFG::LongLivedState::LongLivedState):
1876         (JSC::DFG::LongLivedState::~LongLivedState):
1877         (JSC::DFG::LongLivedState::shrinkToFit):
1878         * dfg/DFGLongLivedState.h: Added.
1879         (DFG):
1880         (LongLivedState):
1881         * dfg/DFGMinifiedID.h:
1882         (JSC::DFG::MinifiedID::MinifiedID):
1883         (JSC::DFG::MinifiedID::node):
1884         * dfg/DFGMinifiedNode.cpp:
1885         (JSC::DFG::MinifiedNode::fromNode):
1886         * dfg/DFGMinifiedNode.h:
1887         (MinifiedNode):
1888         * dfg/DFGNode.cpp: Added.
1889         (DFG):
1890         (JSC::DFG::Node::index):
1891         (WTF):
1892         (WTF::printInternal):
1893         * dfg/DFGNode.h:
1894         (DFG):
1895         (JSC::DFG::Node::Node):
1896         (Node):
1897         (JSC::DFG::Node::convertToGetByOffset):
1898         (JSC::DFG::Node::convertToPutByOffset):
1899         (JSC::DFG::Node::ref):
1900         (JSC::DFG::Node::shouldSpeculateInteger):
1901         (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
1902         (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
1903         (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
1904         (JSC::DFG::Node::shouldSpeculateNumber):
1905         (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
1906         (JSC::DFG::Node::shouldSpeculateFinalObject):
1907         (JSC::DFG::Node::shouldSpeculateArray):
1908         (JSC::DFG::Node::dumpChildren):
1909         (WTF):
1910         * dfg/DFGNodeAllocator.h: Added.
1911         (DFG):
1912         (operator new ):
1913         * dfg/DFGOSRExit.cpp:
1914         (JSC::DFG::OSRExit::OSRExit):
1915         * dfg/DFGOSRExit.h:
1916         (OSRExit):
1917         (SpeculationFailureDebugInfo):
1918         * dfg/DFGOSRExitCompiler.cpp:
1919         * dfg/DFGOSRExitCompiler32_64.cpp:
1920         (JSC::DFG::OSRExitCompiler::compileExit):
1921         * dfg/DFGOSRExitCompiler64.cpp:
1922         (JSC::DFG::OSRExitCompiler::compileExit):
1923         * dfg/DFGOperations.cpp:
1924         * dfg/DFGPhase.cpp:
1925         (DFG):
1926         (JSC::DFG::Phase::beginPhase):
1927         (JSC::DFG::Phase::endPhase):
1928         * dfg/DFGPhase.h:
1929         (Phase):
1930         (JSC::DFG::runAndLog):
1931         * dfg/DFGPredictionPropagationPhase.cpp:
1932         (JSC::DFG::PredictionPropagationPhase::setPrediction):
1933         (JSC::DFG::PredictionPropagationPhase::mergePrediction):
1934         (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
1935         (JSC::DFG::PredictionPropagationPhase::isNotZero):
1936         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
1937         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
1938         (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
1939         (JSC::DFG::PredictionPropagationPhase::propagate):
1940         (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
1941         (JSC::DFG::PredictionPropagationPhase::propagateForward):
1942         (JSC::DFG::PredictionPropagationPhase::propagateBackward):
1943         (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
1944         (PredictionPropagationPhase):
1945         (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
1946         * dfg/DFGScoreBoard.h:
1947         (JSC::DFG::ScoreBoard::ScoreBoard):
1948         (JSC::DFG::ScoreBoard::use):
1949         (JSC::DFG::ScoreBoard::useIfHasResult):
1950         (ScoreBoard):
1951         * dfg/DFGSilentRegisterSavePlan.h:
1952         (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
1953         (JSC::DFG::SilentRegisterSavePlan::node):
1954         (SilentRegisterSavePlan):
1955         * dfg/DFGSlowPathGenerator.h:
1956         (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
1957         (JSC::DFG::SlowPathGenerator::generate):
1958         (SlowPathGenerator):
1959         * dfg/DFGSpeculativeJIT.cpp:
1960         (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
1961         (JSC::DFG::SpeculativeJIT::speculationCheck):
1962         (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
1963         (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
1964         (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
1965         (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
1966         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
1967         (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
1968         (JSC::DFG::SpeculativeJIT::silentSpill):
1969         (JSC::DFG::SpeculativeJIT::silentFill):
1970         (JSC::DFG::SpeculativeJIT::checkArray):
1971         (JSC::DFG::SpeculativeJIT::arrayify):
1972         (JSC::DFG::SpeculativeJIT::fillStorage):
1973         (JSC::DFG::SpeculativeJIT::useChildren):
1974         (JSC::DFG::SpeculativeJIT::isStrictInt32):
1975         (JSC::DFG::SpeculativeJIT::isKnownInteger):
1976         (JSC::DFG::SpeculativeJIT::isKnownNumeric):
1977         (JSC::DFG::SpeculativeJIT::isKnownCell):
1978         (JSC::DFG::SpeculativeJIT::isKnownNotCell):
1979         (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
1980         (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
1981         (JSC::DFG::SpeculativeJIT::writeBarrier):
1982         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
1983         (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
1984         (JSC::DFG::GPRTemporary::GPRTemporary):
1985         (JSC::DFG::FPRTemporary::FPRTemporary):
1986         (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
1987         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
1988         (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
1989         (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
1990         (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
1991         (JSC::DFG::SpeculativeJIT::compileMovHint):
1992         (JSC::DFG::SpeculativeJIT::compile):
1993         (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
1994         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
1995         (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
1996         (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
1997         (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
1998         (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
1999         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
2000         (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
2001         (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
2002         (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
2003         (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
2004         (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
2005         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
2006         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
2007         (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
2008         (JSC::DFG::SpeculativeJIT::compileInstanceOf):
2009         (JSC::DFG::SpeculativeJIT::compileSoftModulo):
2010         (JSC::DFG::SpeculativeJIT::compileAdd):
2011         (JSC::DFG::SpeculativeJIT::compileArithSub):
2012         (JSC::DFG::SpeculativeJIT::compileArithNegate):
2013         (JSC::DFG::SpeculativeJIT::compileArithMul):
2014         (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
2015         (JSC::DFG::SpeculativeJIT::compileArithMod):
2016         (JSC::DFG::SpeculativeJIT::compare):
2017         (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
2018         (JSC::DFG::SpeculativeJIT::compileStrictEq):
2019         (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
2020         (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
2021         (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
2022         (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
2023         (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
2024         (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
2025         (JSC::DFG::SpeculativeJIT::compileRegExpExec):
2026         (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
2027         (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
2028         * dfg/DFGSpeculativeJIT.h:
2029         (SpeculativeJIT):
2030         (JSC::DFG::SpeculativeJIT::canReuse):
2031         (JSC::DFG::SpeculativeJIT::isFilled):
2032         (JSC::DFG::SpeculativeJIT::isFilledDouble):
2033         (JSC::DFG::SpeculativeJIT::use):
2034         (JSC::DFG::SpeculativeJIT::isConstant):
2035         (JSC::DFG::SpeculativeJIT::isJSConstant):
2036         (JSC::DFG::SpeculativeJIT::isInt32Constant):
2037         (JSC::DFG::SpeculativeJIT::isDoubleConstant):
2038         (JSC::DFG::SpeculativeJIT::isNumberConstant):
2039         (JSC::DFG::SpeculativeJIT::isBooleanConstant):
2040         (JSC::DFG::SpeculativeJIT::isFunctionConstant):
2041         (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
2042         (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
2043         (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
2044         (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
2045         (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
2046         (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
2047         (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
2048         (JSC::DFG::SpeculativeJIT::isNullConstant):
2049         (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
2050         (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
2051         (JSC::DFG::SpeculativeJIT::integerResult):
2052         (JSC::DFG::SpeculativeJIT::noResult):
2053         (JSC::DFG::SpeculativeJIT::cellResult):
2054         (JSC::DFG::SpeculativeJIT::booleanResult):
2055         (JSC::DFG::SpeculativeJIT::jsValueResult):
2056         (JSC::DFG::SpeculativeJIT::storageResult):
2057         (JSC::DFG::SpeculativeJIT::doubleResult):
2058         (JSC::DFG::SpeculativeJIT::initConstantInfo):
2059         (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
2060         (JSC::DFG::SpeculativeJIT::isInteger):
2061         (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
2062         (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
2063         (JSC::DFG::SpeculativeJIT::setNodeForOperand):
2064         (JSC::DFG::IntegerOperand::IntegerOperand):
2065         (JSC::DFG::IntegerOperand::node):
2066         (JSC::DFG::IntegerOperand::gpr):
2067         (JSC::DFG::IntegerOperand::use):
2068         (IntegerOperand):
2069         (JSC::DFG::DoubleOperand::DoubleOperand):
2070         (JSC::DFG::DoubleOperand::node):
2071         (JSC::DFG::DoubleOperand::fpr):
2072         (JSC::DFG::DoubleOperand::use):
2073         (DoubleOperand):
2074         (JSC::DFG::JSValueOperand::JSValueOperand):
2075         (JSC::DFG::JSValueOperand::node):
2076         (JSC::DFG::JSValueOperand::gpr):
2077         (JSC::DFG::JSValueOperand::fill):
2078         (JSC::DFG::JSValueOperand::use):
2079         (JSValueOperand):
2080         (JSC::DFG::StorageOperand::StorageOperand):
2081         (JSC::DFG::StorageOperand::node):
2082         (JSC::DFG::StorageOperand::gpr):
2083         (JSC::DFG::StorageOperand::use):
2084         (StorageOperand):
2085         (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
2086         (JSC::DFG::SpeculateIntegerOperand::node):
2087         (JSC::DFG::SpeculateIntegerOperand::gpr):
2088         (JSC::DFG::SpeculateIntegerOperand::use):
2089         (SpeculateIntegerOperand):
2090         (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
2091         (JSC::DFG::SpeculateStrictInt32Operand::node):
2092         (JSC::DFG::SpeculateStrictInt32Operand::gpr):
2093         (JSC::DFG::SpeculateStrictInt32Operand::use):
2094         (SpeculateStrictInt32Operand):
2095         (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
2096         (JSC::DFG::SpeculateDoubleOperand::node):
2097         (JSC::DFG::SpeculateDoubleOperand::fpr):
2098         (JSC::DFG::SpeculateDoubleOperand::use):
2099         (SpeculateDoubleOperand):
2100         (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
2101         (JSC::DFG::SpeculateCellOperand::node):
2102         (JSC::DFG::SpeculateCellOperand::gpr):
2103         (JSC::DFG::SpeculateCellOperand::use):
2104         (SpeculateCellOperand):
2105         (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
2106         (JSC::DFG::SpeculateBooleanOperand::node):
2107         (JSC::DFG::SpeculateBooleanOperand::gpr):
2108         (JSC::DFG::SpeculateBooleanOperand::use):
2109         (SpeculateBooleanOperand):
2110         * dfg/DFGSpeculativeJIT32_64.cpp:
2111         (JSC::DFG::SpeculativeJIT::fillInteger):
2112         (JSC::DFG::SpeculativeJIT::fillDouble):
2113         (JSC::DFG::SpeculativeJIT::fillJSValue):
2114         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2115         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2116         (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
2117         (JSC::DFG::SpeculativeJIT::cachedPutById):
2118         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2119         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2120         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2121         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2122         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2123         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2124         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2125         (JSC::DFG::SpeculativeJIT::emitCall):
2126         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2127         (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
2128         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
2129         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2130         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2131         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2132         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2133         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2134         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2135         (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
2136         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
2137         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2138         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
2139         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2140         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
2141         (JSC::DFG::SpeculativeJIT::emitBranch):
2142         (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
2143         (JSC::DFG::SpeculativeJIT::compile):
2144         * dfg/DFGSpeculativeJIT64.cpp:
2145         (JSC::DFG::SpeculativeJIT::fillInteger):
2146         (JSC::DFG::SpeculativeJIT::fillDouble):
2147         (JSC::DFG::SpeculativeJIT::fillJSValue):
2148         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
2149         (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
2150         (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
2151         (JSC::DFG::SpeculativeJIT::cachedPutById):
2152         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
2153         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
2154         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2155         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
2156         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
2157         (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
2158         (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
2159         (JSC::DFG::SpeculativeJIT::emitCall):
2160         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2161         (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
2162         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
2163         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2164         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2165         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2166         (JSC::DFG::SpeculativeJIT::compileObjectEquality):
2167         (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
2168         (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
2169         (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
2170         (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
2171         (JSC::DFG::SpeculativeJIT::compileValueAdd):
2172         (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
2173         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2174         (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
2175         (JSC::DFG::SpeculativeJIT::emitBranch):
2176         (JSC::DFG::SpeculativeJIT::compile):
2177         * dfg/DFGStructureAbstractValue.h:
2178         (StructureAbstractValue):
2179         * dfg/DFGStructureCheckHoistingPhase.cpp:
2180         (JSC::DFG::StructureCheckHoistingPhase::run):
2181         * dfg/DFGValidate.cpp:
2182         (DFG):
2183         (Validate):
2184         (JSC::DFG::Validate::validate):
2185         (JSC::DFG::Validate::reportValidationContext):
2186         * dfg/DFGValidate.h:
2187         * dfg/DFGValueSource.cpp:
2188         (JSC::DFG::ValueSource::dump):
2189         * dfg/DFGValueSource.h:
2190         (JSC::DFG::ValueSource::ValueSource):
2191         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2192         (JSC::DFG::VirtualRegisterAllocationPhase::run):
2193         * runtime/FunctionExecutableDump.cpp: Added.
2194         (JSC):
2195         (JSC::FunctionExecutableDump::dump):
2196         * runtime/FunctionExecutableDump.h: Added.
2197         (JSC):
2198         (FunctionExecutableDump):
2199         (JSC::FunctionExecutableDump::FunctionExecutableDump):
2200         * runtime/JSGlobalData.cpp:
2201         (JSC::JSGlobalData::JSGlobalData):
2202         * runtime/JSGlobalData.h:
2203         (JSC):
2204         (DFG):
2205         (JSGlobalData):
2206         * runtime/Options.h:
2207         (JSC):
2208
2209 2013-01-28  Laszlo Gombos  <l.gombos@samsung.com>
2210
2211         Collapse testing for a list of PLATFORM() into OS() and USE() tests
2212         https://bugs.webkit.org/show_bug.cgi?id=108018
2213
2214         Reviewed by Eric Seidel.
2215
2216         No functional change as "OS(DARWIN) && USE(CF)" is equivalent to the
2217         following platforms: MAC, WX, QT and CHROMIUM. CHROMIUM
2218         is not using JavaScriptCore.
2219
2220         * runtime/DatePrototype.cpp:
2221         (JSC):
2222
2223 2013-01-28  Geoffrey Garen  <ggaren@apple.com>
2224
2225         Static size inference for JavaScript objects
2226         https://bugs.webkit.org/show_bug.cgi?id=108093
2227
2228         Reviewed by Phil Pizlo.
2229
2230         * API/JSObjectRef.cpp:
2231         * JavaScriptCore.order:
2232         * JavaScriptCore.xcodeproj/project.pbxproj: Pay the tax man.
2233
2234         * bytecode/CodeBlock.cpp:
2235         (JSC::CodeBlock::dumpBytecode): op_new_object and op_create_this now
2236         have an extra inferredInlineCapacity argument. This is the statically
2237         inferred inline capacity, just from analyzing source text. op_new_object
2238         also gets a pointer to an allocation profile. (For op_create_this, the
2239         profile is in the constructor function.)
2240
2241         (JSC::CodeBlock::CodeBlock): Link op_new_object.
2242
2243         (JSC::CodeBlock::stronglyVisitStrongReferences): Mark our profiles.
2244
2245         * bytecode/CodeBlock.h:
2246         (CodeBlock): Removed some dead code. Added object allocation profiles.
2247
2248         * bytecode/Instruction.h:
2249         (JSC): New union type, since an instruction operand may point to an
2250         object allocation profile now.
2251
2252         * bytecode/ObjectAllocationProfile.h: Added.
2253         (JSC):
2254         (ObjectAllocationProfile):
2255         (JSC::ObjectAllocationProfile::offsetOfAllocator):
2256         (JSC::ObjectAllocationProfile::offsetOfStructure):
2257         (JSC::ObjectAllocationProfile::ObjectAllocationProfile):
2258         (JSC::ObjectAllocationProfile::isNull):
2259         (JSC::ObjectAllocationProfile::initialize):
2260         (JSC::ObjectAllocationProfile::structure):
2261         (JSC::ObjectAllocationProfile::inlineCapacity):
2262         (JSC::ObjectAllocationProfile::clear):
2263         (JSC::ObjectAllocationProfile::visitAggregate):
2264         (JSC::ObjectAllocationProfile::possibleDefaultPropertyCount): New class
2265         for tracking a prediction about object allocation: structure, inline
2266         capacity, allocator to use.
2267
2268         * bytecode/Opcode.h:
2269         (JSC):
2270         (JSC::padOpcodeName): Updated instruction sizes.
2271
2272         * bytecode/UnlinkedCodeBlock.cpp:
2273         (JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
2274         * bytecode/UnlinkedCodeBlock.h:
2275         (JSC):
2276         (JSC::UnlinkedCodeBlock::addObjectAllocationProfile):
2277         (JSC::UnlinkedCodeBlock::numberOfObjectAllocationProfiles):
2278         (UnlinkedCodeBlock): Unlinked support for allocation profiles.
2279
2280         * bytecompiler/BytecodeGenerator.cpp:
2281         (JSC::BytecodeGenerator::generate): Kill all remaining analyses at the
2282         end of codegen, since this is our last opportunity.
2283
2284         (JSC::BytecodeGenerator::BytecodeGenerator): Added a static property
2285         analyzer to bytecode generation. It tracks initializing assignments and
2286         makes a guess about how many will happen.
2287
2288         (JSC::BytecodeGenerator::newObjectAllocationProfile):
2289         (JSC):
2290         (JSC::BytecodeGenerator::emitProfiledOpcode):
2291         (JSC::BytecodeGenerator::emitMove):
2292         (JSC::BytecodeGenerator::emitResolve):
2293         (JSC::BytecodeGenerator::emitResolveBase):
2294         (JSC::BytecodeGenerator::emitResolveBaseForPut):
2295         (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
2296         (JSC::BytecodeGenerator::emitResolveWithThis):
2297         (JSC::BytecodeGenerator::emitGetById):
2298         (JSC::BytecodeGenerator::emitPutById):
2299         (JSC::BytecodeGenerator::emitDirectPutById):
2300         (JSC::BytecodeGenerator::emitPutGetterSetter):
2301         (JSC::BytecodeGenerator::emitGetArgumentByVal):
2302         (JSC::BytecodeGenerator::emitGetByVal): Added hooks to the static property
2303         analyzer, so it can observe allocations and stores.
2304
2305         (JSC::BytecodeGenerator::emitCreateThis): Factored this into a helper
2306         function because it was a significant amount of logic, and I wanted to
2307         add to it.
2308
2309         (JSC::BytecodeGenerator::emitNewObject):
2310         (JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
2311         (JSC::BytecodeGenerator::emitCall):
2312         (JSC::BytecodeGenerator::emitCallVarargs):
2313         (JSC::BytecodeGenerator::emitConstruct): Added a hook to profiled opcodes
2314         to track their stores, in case a store kills a profiled allocation. Since
2315         profiled opcodes are basically the only interesting stores we do, this
2316         is a convenient place to notice any store that might kill an allocation.
2317
2318         * bytecompiler/BytecodeGenerator.h:
2319         (BytecodeGenerator): As above.
2320
2321         * bytecompiler/StaticPropertyAnalysis.h: Added.
2322         (JSC):
2323         (StaticPropertyAnalysis):
2324         (JSC::StaticPropertyAnalysis::create):
2325         (JSC::StaticPropertyAnalysis::addPropertyIndex):
2326         (JSC::StaticPropertyAnalysis::record):
2327         (JSC::StaticPropertyAnalysis::propertyIndexCount):
2328         (JSC::StaticPropertyAnalysis::StaticPropertyAnalysis): Simple helper
2329         class for tracking allocations and stores.
2330
2331         * bytecompiler/StaticPropertyAnalyzer.h: Added.
2332         (StaticPropertyAnalyzer):
2333         (JSC::StaticPropertyAnalyzer::StaticPropertyAnalyzer):
2334         (JSC::StaticPropertyAnalyzer::createThis):
2335         (JSC::StaticPropertyAnalyzer::newObject):
2336         (JSC::StaticPropertyAnalyzer::putById):
2337         (JSC::StaticPropertyAnalyzer::mov):
2338         (JSC::StaticPropertyAnalyzer::kill): Helper class for observing allocations
2339         and stores and making an inline capacity guess. The heuristics here are
2340         intentionally minimal because we don't want this one class to try to
2341         re-create something like a DFG or a runtime analysis. If we discover that
2342         we need those kinds of analyses, we should just replace this class with
2343         something else.
2344
2345         This class tracks multiple registers that alias the same object -- that
2346         happens a lot, when moving locals into temporary registers -- but it
2347         doesn't track control flow or multiple objects that alias the same register.
2348
2349         * dfg/DFGAbstractState.cpp:
2350         (JSC::DFG::AbstractState::execute): Updated for rename.
2351
2352         * dfg/DFGByteCodeParser.cpp:
2353         (JSC::DFG::ByteCodeParser::parseBlock): Updated for inline capacity and
2354         allocation profile.
2355
2356         * dfg/DFGNode.h:
2357         (JSC::DFG::Node::hasInlineCapacity):
2358         (Node):
2359         (JSC::DFG::Node::inlineCapacity):
2360         (JSC::DFG::Node::hasFunction): Give the graph a good way to represent
2361         inline capacity for an allocation.
2362
2363         * dfg/DFGNodeType.h:
2364         (DFG): Updated for rename.
2365
2366         * dfg/DFGOperations.cpp: Updated for interface change.
2367
2368         * dfg/DFGOperations.h: We pass the inline capacity to the slow case as
2369         an argument. This is the simplest way, since it's stored as a bytecode operand.
2370
2371         * dfg/DFGPredictionPropagationPhase.cpp:
2372         (JSC::DFG::PredictionPropagationPhase::propagate): Updated for rename.
2373
2374         * dfg/DFGRepatch.cpp:
2375         (JSC::DFG::tryCacheGetByID): Fixed a horrible off-by-one-half bug that only
2376         appears when doing an inline cached load for property number 64 on a 32-bit
2377         system. In JSVALUE32_64 land, "offsetRelativeToPatchedStorage" is the
2378         offset of the 64bit JSValue -- but we'll actually issue two loads, one for
2379         the payload at that offset, and one for the tag at that offset + 4. We need
2380         to ensure that both loads have a compact representation, or we'll corrupt
2381         the instruction stream.
2382
2383         * dfg/DFGSpeculativeJIT.cpp:
2384         (JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
2385         * dfg/DFGSpeculativeJIT.h:
2386         (JSC::DFG::SpeculativeJIT::callOperation):
2387         (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
2388         (SpeculativeJIT):
2389         (JSC::DFG::SpeculativeJIT::emitAllocateJSObject):
2390         * dfg/DFGSpeculativeJIT32_64.cpp:
2391         (JSC::DFG::SpeculativeJIT::compile):
2392         * dfg/DFGSpeculativeJIT64.cpp:
2393         (JSC::DFG::SpeculativeJIT::compile): Lots of refactoring to support
2394         passing an allocator to our allocation function, and/or passing a Structure
2395         as a register instead of an immediate.
2396
2397         * heap/MarkedAllocator.h:
2398         (DFG):
2399         (MarkedAllocator):
2400         (JSC::MarkedAllocator::offsetOfFreeListHead): Added an accessor to simplify
2401         JIT code generation of allocation from an arbitrary allocator.
2402
2403         * jit/JIT.h:
2404         (JSC):
2405         * jit/JITInlines.h:
2406         (JSC):
2407         (JSC::JIT::emitAllocateJSObject):
2408         * jit/JITOpcodes.cpp:
2409         (JSC::JIT::emit_op_new_object):
2410         (JSC::JIT::emitSlow_op_new_object):
2411         (JSC::JIT::emit_op_create_this):
2412         (JSC::JIT::emitSlow_op_create_this):
2413         * jit/JITOpcodes32_64.cpp:
2414         (JSC::JIT::emit_op_new_object):
2415         (JSC::JIT::emitSlow_op_new_object):
2416         (JSC::JIT::emit_op_create_this):
2417         (JSC::JIT::emitSlow_op_create_this): Same refactoring as done for the DFG.
2418
2419         * jit/JITStubs.cpp:
2420         (JSC::tryCacheGetByID): Fixed the same bug mentioned above.
2421
2422         (JSC::DEFINE_STUB_FUNCTION): Updated for interface changes.
2423
2424         * llint/LLIntData.cpp:
2425         (JSC::LLInt::Data::performAssertions): Updated for interface changes.
2426
2427         * llint/LLIntSlowPaths.cpp:
2428         (JSC::LLInt::LLINT_SLOW_PATH_DECL):
2429         * llint/LowLevelInterpreter.asm:
2430         * llint/LowLevelInterpreter32_64.asm:
2431         * llint/LowLevelInterpreter64.asm: Same refactoring as for the JITs.
2432
2433         * profiler/ProfilerBytecode.cpp:
2434         * profiler/ProfilerBytecodes.cpp:
2435         * profiler/ProfilerCompilation.cpp:
2436         * profiler/ProfilerCompiledBytecode.cpp:
2437         * profiler/ProfilerDatabase.cpp:
2438         * profiler/ProfilerOSRExit.cpp:
2439         * profiler/ProfilerOrigin.cpp:
2440         * profiler/ProfilerProfiledBytecodes.cpp: Include ObjectConstructor.h
2441         because that's where createEmptyObject() lives now.
2442
2443         * runtime/Executable.h:
2444         (JSC::JSFunction::JSFunction): Updated for rename.
2445
2446         * runtime/JSCellInlines.h:
2447         (JSC::allocateCell): Updated to match the allocator selection code in
2448         the JIT, so it's clearer that both are correct.
2449
2450         * runtime/JSFunction.cpp:
2451         (JSC::JSFunction::JSFunction):
2452         (JSC::JSFunction::createAllocationProfile):
2453         (JSC::JSFunction::visitChildren):
2454         (JSC::JSFunction::getOwnPropertySlot):
2455         (JSC::JSFunction::put):
2456         (JSC::JSFunction::defineOwnProperty):
2457         (JSC::JSFunction::getConstructData):
2458         * runtime/JSFunction.h:
2459         (JSC::JSFunction::offsetOfScopeChain):
2460         (JSC::JSFunction::offsetOfExecutable):
2461         (JSC::JSFunction::offsetOfAllocationProfile):
2462         (JSC::JSFunction::allocationProfile):
2463         (JSFunction):
2464         (JSC::JSFunction::tryGetAllocationProfile):
2465         (JSC::JSFunction::addAllocationProfileWatchpoint): Changed inheritorID
2466         data member to be an ObjectAllocationProfile, which includes a pointer
2467         to the desired allocator. This simplifies JIT code, since we don't have
2468         to compute the allocator on the fly. I verified by code inspection that
2469         JSFunction is still only 64 bytes.
2470
2471         * runtime/JSGlobalObject.cpp:
2472         (JSC::JSGlobalObject::reset):
2473         (JSC::JSGlobalObject::visitChildren):
2474         * runtime/JSGlobalObject.h:
2475         (JSGlobalObject):
2476         (JSC::JSGlobalObject::dateStructure): No direct pointer to the empty
2477         object structure anymore, because now clients need to specify how much
2478         inline capacity they want.
2479
2480         * runtime/JSONObject.cpp:
2481         * runtime/JSObject.h:
2482         (JSC):
2483         (JSFinalObject):
2484         (JSC::JSFinalObject::defaultInlineCapacity):
2485         (JSC::JSFinalObject::maxInlineCapacity):
2486         (JSC::JSFinalObject::createStructure): A little refactoring to try to
2487         clarify where some of these constants derive from.
2488
2489         (JSC::maxOffsetRelativeToPatchedStorage): Used for bug fix, above.
2490
2491         * runtime/JSProxy.cpp:
2492         (JSC::JSProxy::setTarget): Ugly, but effective.
2493
2494         * runtime/LiteralParser.cpp:
2495         * runtime/ObjectConstructor.cpp:
2496         (JSC::constructObject):
2497         (JSC::constructWithObjectConstructor):
2498         (JSC::callObjectConstructor):
2499         (JSC::objectConstructorCreate): Updated for interface changes.
2500
2501         * runtime/ObjectConstructor.h:
2502         (JSC::constructEmptyObject): Clarified your options for how to allocate
2503         an empty object, to emphasize what things can actually vary.
2504
2505         * runtime/PropertyOffset.h: These constants have moved because they're
2506         really higher level concepts to do with the layout of objects and the
2507         collector. PropertyOffset is just an abstract number line, independent
2508         of those things.
2509
2510         * runtime/PrototypeMap.cpp:
2511         (JSC::PrototypeMap::emptyObjectStructureForPrototype):
2512         (JSC::PrototypeMap::clearEmptyObjectStructureForPrototype):
2513         * runtime/PrototypeMap.h:
2514         (PrototypeMap): The map key is now a pair of prototype and inline capacity,
2515         since Structure encodes inline capacity.
2516
2517         * runtime/Structure.cpp:
2518         (JSC::Structure::Structure):
2519         (JSC::Structure::materializePropertyMap):
2520         (JSC::Structure::addPropertyTransition):
2521         (JSC::Structure::nonPropertyTransition):
2522         (JSC::Structure::copyPropertyTableForPinning):
2523         * runtime/Structure.h:
2524         (Structure):
2525         (JSC::Structure::totalStorageSize):
2526         (JSC::Structure::transitionCount):
2527         (JSC::Structure::create): Fixed a nasty refactoring bug that only shows
2528         up after enabling variable-sized inline capacities: we were passing our
2529         type info where our inline capacity was expected. The compiler didn't
2530         notice because both have type int :(.
2531
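The "off-by-one-half" check described in the tryCacheGetByID note of the entry above, as an added example that is not JSC's code: a hypothetical minimal x86 encoder for `mov eax, [ecx + disp]` that chooses between the 8-bit ("compact") and 32-bit displacement forms, and a JSVALUE32_64-style split load whose payload sits at the value's offset and whose tag sits 4 bytes further on. The buggy check consults only the payload offset; the corrected check requires both halves to fit before the compact form is committed to. The encoder, the function names and the sample offsets are assumptions made for this example.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical encoder for "mov eax, [ecx + disp]" (not JSC's MacroAssembler).
// Opcode 0x8B; ModRM reg=eax(000), rm=ecx(001).
//   mod=01 -> an 8-bit displacement follows  (3 bytes total, the "compact" form)
//   mod=10 -> a 32-bit displacement follows  (6 bytes total)
static bool fitsInInt8(int32_t v) { return v >= INT8_MIN && v <= INT8_MAX; }

struct EncodedLoad {
    std::vector<uint8_t> bytes;
    bool compact = false;
};

// Encodes a load in the requested form. Returns false instead of emitting when
// the displacement is not representable in the compact form: squeezing a
// 32-bit displacement into a 1-byte slot is how an instruction stream gets
// corrupted.
static bool encodeLoad(int32_t disp, bool compact, EncodedLoad& out) {
    out.bytes.clear();
    out.compact = compact;
    out.bytes.push_back(0x8B);
    if (compact) {
        if (!fitsInInt8(disp))
            return false;
        out.bytes.push_back(0x41); // mod=01, reg=000, rm=001
        out.bytes.push_back(static_cast<uint8_t>(static_cast<int8_t>(disp)));
        return true;
    }
    out.bytes.push_back(0x81);     // mod=10, reg=000, rm=001
    const uint32_t u = static_cast<uint32_t>(disp);
    for (int i = 0; i < 4; ++i)
        out.bytes.push_back(static_cast<uint8_t>((u >> (8 * i)) & 0xFF));
    return true;
}

// The shape of the bug the entry describes: only the 64-bit value's offset is
// tested, ignoring that the 32-bit build issues two loads for one value.
static bool compactCheckBuggy(int32_t valueOffset) {
    return fitsInInt8(valueOffset);
}

// Corrected check for a JSVALUE32_64-style split load: the payload is read at
// valueOffset and the tag at valueOffset + 4, so both must be representable.
static bool compactCheck32_64(int32_t valueOffset) {
    return fitsInInt8(valueOffset) && fitsInInt8(valueOffset + 4);
}

struct SplitLoad {
    EncodedLoad payload; // load from [base + valueOffset]
    EncodedLoad tag;     // load from [base + valueOffset + 4]
};

// Emits the payload and tag loads under one shared compact/non-compact
// decision, as a patchable inline cache would. Returns false when that
// decision would force an unrepresentable displacement into a compact slot.
static bool emitSplitLoad(int32_t valueOffset, bool (*check)(int32_t), SplitLoad& out) {
    if (valueOffset > INT32_MAX - 4)   // keep valueOffset + 4 from overflowing
        return false;
    const bool compact = check(valueOffset);
    if (!encodeLoad(valueOffset, compact, out.payload))
        return false;
    return encodeLoad(valueOffset + 4, compact, out.tag);
}

int main() {
    SplitLoad s;
    std::printf("buggy check at offset 124 emits cleanly: %s\n",
                emitSplitLoad(124, compactCheckBuggy, s) ? "yes" : "no");
    std::printf("fixed check at offset 124 emits cleanly: %s (payload load is %zu bytes)\n",
                emitSplitLoad(124, compactCheck32_64, s) ? "yes" : "no",
                s.payload.bytes.size());
    return 0;
}
```

Offset 124 is the interesting input: the payload load at 124 is compact but the tag load at 128 is not, so the buggy check commits to a one-byte displacement slot that the tag load cannot fill, while the corrected check falls back to the 32-bit form for both loads. The same reasoning applies to any split load: the range check has to cover the last byte the instruction sequence will touch, not the first.
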
2532 2013-01-28  Oliver Hunt  <oliver@apple.com>
2533
2534         Add more assertions to the property storage use in arrays
2535         https://bugs.webkit.org/show_bug.cgi?id=107728
2536
2537         Reviewed by Filip Pizlo.
2538
2539         Add a bunch of assertions to array and object butterfly
2540         usage.  This should make debugging somewhat easier.
2541
2542         I also converted a couple of assertions to release asserts
2543         as they were so low cost it seemed a sensible thing to do.
2544
2545         * runtime/JSArray.cpp:
2546         (JSC::JSArray::sortVector):
2547         (JSC::JSArray::compactForSorting):
2548         * runtime/JSObject.h:
2549         (JSC::JSObject::getHolyIndexQuickly):
2550
2551 2013-01-28  Adam Barth  <abarth@webkit.org>
2552
2553         Remove webkitNotifications.createHTMLNotification
2554         https://bugs.webkit.org/show_bug.cgi?id=107598
2555
2556         Reviewed by Benjamin Poulain.
2557
2558         * Configurations/FeatureDefines.xcconfig:
2559
2560 2013-01-28  Michael Saboff  <msaboff@apple.com>
2561
2562         Cleanup ARM version of debugName() in DFGFPRInfo.h
2563         https://bugs.webkit.org/show_bug.cgi?id=108090
2564
2565         Reviewed by David Kilzer.
2566
2567         Fixed debugName() so it will compile by adding static_cast<int> and missing commas.
2568
2569         * dfg/DFGFPRInfo.h:
2570         (JSC::DFG::FPRInfo::debugName):
2571
2572 2013-01-27  Andreas Kling  <akling@apple.com>
2573
2574         JSC: FunctionParameters are memory hungry.
2575         <http://webkit.org/b/108033>
2576         <rdar://problem/13094803>
2577
2578         Reviewed by Sam Weinig.
2579
2580         Instead of inheriting from Vector<Identifier>, make FunctionParameters a simple fixed-size array
2581         with a custom-allocating create() function. Removes one step of indirection and cuts memory usage
2582         roughly in half.
2583
2584         2.73 MB progression on Membuster3.
2585
2586         * bytecode/UnlinkedCodeBlock.cpp:
2587         (JSC::UnlinkedFunctionExecutable::paramString):
2588         * bytecompiler/BytecodeGenerator.cpp:
2589         (JSC::BytecodeGenerator::BytecodeGenerator):
2590         * parser/Nodes.cpp:
2591         (JSC::FunctionParameters::create):
2592         (JSC::FunctionParameters::FunctionParameters):
2593         (JSC::FunctionParameters::~FunctionParameters):
2594         * parser/Nodes.h:
2595         (FunctionParameters):
2596         (JSC::FunctionParameters::size):
2597         (JSC::FunctionParameters::at):
2598         (JSC::FunctionParameters::identifiers):
2599
2600 2013-01-27  Andreas Kling  <akling@apple.com>
2601
2602         JSC: SourceProviderCache is memory hungry.
2603         <http://webkit.org/b/108029>
2604         <rdar://problem/13094806>
2605
2606         Reviewed by Sam Weinig.
2607
2608         Use fixed-size arrays for SourceProviderCacheItem's lists of captured variables.
2609         Since the lists never change after the object is created, there's no need to keep them in Vectors
2610         and we can instead create the whole cache item in a single allocation.
2611
2612         13.37 MB progression on Membuster3.
2613
2614         * parser/Parser.cpp:
2615         (JSC::::parseFunctionInfo):
2616         * parser/Parser.h:
2617         (JSC::Scope::copyCapturedVariablesToVector):
2618         (JSC::Scope::fillParametersForSourceProviderCache):
2619         (JSC::Scope::restoreFromSourceProviderCache):
2620         * parser/SourceProviderCacheItem.h:
2621         (SourceProviderCacheItemCreationParameters):
2622         (SourceProviderCacheItem):
2623         (JSC::SourceProviderCacheItem::approximateByteSize):
2624         (JSC::SourceProviderCacheItem::usedVariables):
2625         (JSC::SourceProviderCacheItem::writtenVariables):
2626         (JSC::SourceProviderCacheItem::~SourceProviderCacheItem):
2627         (JSC::SourceProviderCacheItem::create):
2628         (JSC::SourceProviderCacheItem::SourceProviderCacheItem):
2629
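The single-allocation, fixed-size array pattern that the two Andreas Kling entries above (FunctionParameters and SourceProviderCacheItem) describe, as an added example that is not JSC's code: a hypothetical FixedStringArray whose create() computes the block size from the element count with an overflow check, constructs the header and the elements in one malloc'd block, and bounds-checks at(). The class name, the std::string element type and the sample input are assumptions made for this example; JSC's own classes hold Identifiers and use its own allocator.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <new>
#include <string>

// Hypothetical fixed-size array: the header and the element storage live in
// one malloc'd block, with the elements placed directly after the header.
class FixedStringArray {
public:
    // Returns nullptr when the size computation would overflow size_t rather
    // than allocating a too-small block and constructing past its end.
    static FixedStringArray* create(const std::string* items, size_t count) {
        size_t bytes;
        if (!allocationSize(count, bytes))
            return nullptr;
        void* raw = std::malloc(bytes);
        if (!raw)
            return nullptr;
        return new (raw) FixedStringArray(items, count);
    }

    static void destroy(FixedStringArray* array) {
        if (!array)
            return;
        array->~FixedStringArray();
        std::free(array);
    }

    size_t size() const { return m_size; }

    const std::string& at(size_t i) const {
        if (i >= m_size)
            std::abort();          // out-of-range index: fail loudly, never read past the block
        return elements()[i];
    }

    // Total block size = header + count elements, checked for overflow before
    // the multiplication is performed.
    static bool allocationSize(size_t count, size_t& out) {
        const size_t header = sizeof(FixedStringArray);
        if (count > (std::numeric_limits<size_t>::max() - header) / sizeof(std::string))
            return false;
        out = header + count * sizeof(std::string);
        return true;
    }

private:
    FixedStringArray(const std::string* items, size_t count) : m_size(count) {
        std::string* slots = elements();
        for (size_t i = 0; i < count; ++i)
            new (&slots[i]) std::string(items[i]);   // construct each element in place
    }
    ~FixedStringArray() {
        std::string* slots = elements();
        for (size_t i = 0; i < m_size; ++i)
            slots[i].~basic_string();                // elements were never freed separately
    }
    std::string* elements() {
        return reinterpret_cast<std::string*>(reinterpret_cast<char*>(this) + sizeof(FixedStringArray));
    }
    const std::string* elements() const {
        return reinterpret_cast<const std::string*>(reinterpret_cast<const char*>(this) + sizeof(FixedStringArray));
    }
    size_t m_size;
};

int main() {
    const std::string params[3] = {"a", "b", "c"};   // constructed sample input
    FixedStringArray* array = FixedStringArray::create(params, 3);
    if (!array)
        return 1;
    std::printf("%zu parameters, second is %s\n", array->size(), array->at(1).c_str());
    FixedStringArray::destroy(array);
    return 0;
}
```

The check in allocationSize() is the part worth keeping when copying this pattern: header + count * sizeof(element) is computed from a count that comes out of parsed input, and an unchecked multiplication silently yields a small block followed by writes past its end.
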
2630 2013-01-27  Zoltan Arvai  <zarvai@inf.u-szeged.hu>
2631
2632         Fixing atomicIncrement implementation for Windows by dropping support before XP SP2.
2633         https://bugs.webkit.org/show_bug.cgi?id=106740
2634
2635         Reviewed by Benjamin Poulain.
2636
2637         * config.h:
2638
2639 2013-01-25  Filip Pizlo  <fpizlo@apple.com>
2640
2641         DFG variable event stream shouldn't use NodeIndex
2642         https://bugs.webkit.org/show_bug.cgi?id=107996
2643
2644         Reviewed by Oliver Hunt.
2645         
2646         Introduce the notion of a DFG::MinifiedID, which is just a unique ID of a DFG Node.
2647         Internally it currently uses a NodeIndex, but we could change this without having
2648         to recode all of the users of MinifiedID. This effectively decouples the OSR exit
2649         compiler's way of identifying nodes from the speculative JIT's way of identifying
2650         nodes, and should make it easier to make changes to the speculative JIT's internals
2651         in the future.
2652         
2653         Also changed variable event stream logging to exclude information about births and
2654         deaths of constants, since the OSR exit compiler never cares about which register
2655         holds a constant; if a value is constant then the OSR exit compiler can reify it.
2656         
2657         Also changed the variable event stream's value recovery computation to use a
2658         HashMap keyed by MinifiedID rather than a Vector indexed by NodeIndex.
2659         
2660         This appears to be performance-neutral. It's primarily meant as a small step
2661         towards https://bugs.webkit.org/show_bug.cgi?id=106868.
2662
2663         * GNUmakefile.list.am:
2664         * JavaScriptCore.xcodeproj/project.pbxproj:
2665         * dfg/DFGGenerationInfo.h:
2666         (JSC::DFG::GenerationInfo::GenerationInfo):
2667         (JSC::DFG::GenerationInfo::initConstant):
2668         (JSC::DFG::GenerationInfo::initInteger):
2669         (JSC::DFG::GenerationInfo::initJSValue):
2670         (JSC::DFG::GenerationInfo::initCell):
2671         (JSC::DFG::GenerationInfo::initBoolean):
2672         (JSC::DFG::GenerationInfo::initDouble):
2673         (JSC::DFG::GenerationInfo::initStorage):
2674         (JSC::DFG::GenerationInfo::noticeOSRBirth):
2675         (JSC::DFG::GenerationInfo::use):
2676         (JSC::DFG::GenerationInfo::appendFill):
2677         (JSC::DFG::GenerationInfo::appendSpill):
2678         (GenerationInfo):
2679         * dfg/DFGJITCompiler.cpp:
2680         (JSC::DFG::JITCompiler::link):
2681         * dfg/DFGMinifiedGraph.h:
2682         (JSC::DFG::MinifiedGraph::at):
2683         (MinifiedGraph):
2684         * dfg/DFGMinifiedID.h: Added.
2685         (DFG):
2686         (MinifiedID):
2687         (JSC::DFG::MinifiedID::MinifiedID):
2688         (JSC::DFG::MinifiedID::operator!):
2689         (JSC::DFG::MinifiedID::nodeIndex):
2690         (JSC::DFG::MinifiedID::operator==):
2691         (JSC::DFG::MinifiedID::operator!=):
2692         (JSC::DFG::MinifiedID::operator<):
2693         (JSC::DFG::MinifiedID::operator>):
2694         (JSC::DFG::MinifiedID::operator<=):
2695         (JSC::DFG::MinifiedID::operator>=):
2696         (JSC::DFG::MinifiedID::hash):
2697         (JSC::DFG::MinifiedID::dump):
2698         (JSC::DFG::MinifiedID::isHashTableDeletedValue):
2699         (JSC::DFG::MinifiedID::invalidID):
2700         (JSC::DFG::MinifiedID::otherInvalidID):
2701         (JSC::DFG::MinifiedID::fromBits):
2702         (JSC::DFG::MinifiedIDHash::hash):
2703         (JSC::DFG::MinifiedIDHash::equal):
2704         (MinifiedIDHash):
2705         (WTF):
2706         * dfg/DFGMinifiedNode.cpp:
2707         (JSC::DFG::MinifiedNode::fromNode):
2708         * dfg/DFGMinifiedNode.h:
2709         (JSC::DFG::MinifiedNode::id):
2710         (JSC::DFG::MinifiedNode::child1):
2711         (JSC::DFG::MinifiedNode::getID):
2712         (JSC::DFG::MinifiedNode::compareByNodeIndex):
2713         (MinifiedNode):
2714         * dfg/DFGSpeculativeJIT.cpp:
2715         (JSC::DFG::SpeculativeJIT::compileMovHint):
2716         (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
2717         * dfg/DFGSpeculativeJIT.h:
2718         (JSC::DFG::SpeculativeJIT::setNodeIndexForOperand):
2719         * dfg/DFGValueSource.cpp:
2720         (JSC::DFG::ValueSource::dump):
2721         * dfg/DFGValueSource.h:
2722         (JSC::DFG::ValueSource::ValueSource):
2723         (JSC::DFG::ValueSource::isSet):
2724         (JSC::DFG::ValueSource::kind):
2725         (JSC::DFG::ValueSource::id):
2726         (ValueSource):
2727         (JSC::DFG::ValueSource::idFromKind):
2728         (JSC::DFG::ValueSource::kindFromID):
2729         * dfg/DFGVariableEvent.cpp:
2730         (JSC::DFG::VariableEvent::dump):
2731         (JSC::DFG::VariableEvent::dumpFillInfo):
2732         (JSC::DFG::VariableEvent::dumpSpillInfo):
2733         * dfg/DFGVariableEvent.h:
2734         (JSC::DFG::VariableEvent::fillGPR):
2735         (JSC::DFG::VariableEvent::fillPair):
2736         (JSC::DFG::VariableEvent::fillFPR):
2737         (JSC::DFG::VariableEvent::spill):
2738         (JSC::DFG::VariableEvent::death):
2739         (JSC::DFG::VariableEvent::movHint):
2740         (JSC::DFG::VariableEvent::id):
2741         (VariableEvent):
2742         * dfg/DFGVariableEventStream.cpp:
2743         (DFG):
2744         (JSC::DFG::VariableEventStream::tryToSetConstantRecovery):
2745         (JSC::DFG::VariableEventStream::reconstruct):
2746         * dfg/DFGVariableEventStream.h:
2747         (VariableEventStream):
2748
2749 2013-01-25  Roger Fong  <roger_fong@apple.com>
2750
2751         Unreviewed. Rename LLInt projects folder and make appropriate changes to solutions.
2752
2753         * JavaScriptCore.vcxproj/JavaScriptCore.sln:
2754         * JavaScriptCore.vcxproj/LLInt: Copied from JavaScriptCore.vcxproj/LLInt.vcproj.
2755         * JavaScriptCore.vcxproj/LLInt.vcproj: Removed.
2756         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly: Removed.
2757         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.make: Removed.
2758         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj: Removed.
2759         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/LLIntAssembly.vcxproj.user: Removed.
2760         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntAssembly/build-LLIntAssembly.sh: Removed.
2761         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets: Removed.
2762         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.make: Removed.
2763         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj: Removed.
2764         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/LLIntDesiredOffsets.vcxproj.user: Removed.
2765         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntDesiredOffsets/build-LLIntDesiredOffsets.sh: Removed.
2766         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor: Removed.
2767         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj: Removed.
2768         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractor.vcxproj.user: Removed.
2769         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props: Removed.
2770         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorDebug.props: Removed.
2771         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorRelease.props: Removed.
2772
2773 2013-01-24  Roger Fong  <roger_fong@apple.com>
2774
2775         VS2010 JavascriptCore: Clean up property sheets, add a JSC solution, add testRegExp and testAPI projects.
2776         https://bugs.webkit.org/show_bug.cgi?id=106987
2777
2778         Reviewed by Brent Fulgham.
2779
2780         * JavaScriptCore.vcxproj/JavaScriptCore.sln: Added.
2781         * JavaScriptCore.vcxproj/JavaScriptCoreCF.props:
2782         * JavaScriptCore.vcxproj/JavaScriptCoreCommon.props:
2783         * JavaScriptCore.vcxproj/JavaScriptCorePreLink.cmd:
2784         * JavaScriptCore.vcxproj/LLInt.vcproj/LLIntOffsetsExtractor/LLIntOffsetsExtractorCommon.props:
2785         * JavaScriptCore.vcxproj/jsc/jscCommon.props:
2786         * JavaScriptCore.vcxproj/jsc/jscDebug.props:
2787         * JavaScriptCore.vcxproj/jsc/jscPostBuild.cmd:
2788         * JavaScriptCore.vcxproj/jsc/jscPreLink.cmd:
2789         * JavaScriptCore.vcxproj/testRegExp: Added.
2790         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj: Added.
2791         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.filters: Added.
2792         * JavaScriptCore.vcxproj/testRegExp/testRegExp.vcxproj.user: Added.
2793         * JavaScriptCore.vcxproj/testRegExp/testRegExpCommon.props: Added.
2794         * JavaScriptCore.vcxproj/testRegExp/testRegExpDebug.props: Added.
2795         * JavaScriptCore.vcxproj/testRegExp/testRegExpPostBuild.cmd: Added.
2796         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreBuild.cmd: Added.
2797         * JavaScriptCore.vcxproj/testRegExp/testRegExpPreLink.cmd: Added.
2798         * JavaScriptCore.vcxproj/testRegExp/testRegExpRelease.props: Added.
2799         * JavaScriptCore.vcxproj/testapi: Added.
2800         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj: Added.
2801         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.filters: Added.
2802         * JavaScriptCore.vcxproj/testapi/testapi.vcxproj.user: Added.
2803         * JavaScriptCore.vcxproj/testapi/testapiCommon.props: Added.
2804         * JavaScriptCore.vcxproj/testapi/testapiDebug.props: Added.
2805         * JavaScriptCore.vcxproj/testapi/testapiPostBuild.cmd: Added.
2806         * JavaScriptCore.vcxproj/testapi/testapiPreBuild.cmd: Added.
2807         * JavaScriptCore.vcxproj/testapi/testapiPreLink.cmd: Added.
2808         * JavaScriptCore.vcxproj/testapi/testapiRelease.props: Added.
2809
2810 2013-01-24  Roger Fong  <roger_fong@apple.com>
2811
2812         Unreviewed. Windows build fix.
2813
2814         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
2815
2816 2013-01-24  Filip Pizlo  <fpizlo@apple.com>
2817
2818         DFG::JITCompiler::getSpeculation() methods are badly named and superfluous
2819         https://bugs.webkit.org/show_bug.cgi?id=107860
2820
2821         Reviewed by Mark Hahnenberg.
2822
2823         * dfg/DFGJITCompiler.h:
2824         (JITCompiler):
2825         * dfg/DFGSpeculativeJIT64.cpp:
2826         (JSC::DFG::SpeculativeJIT::compileLogicalNot):
2827         (JSC::DFG::SpeculativeJIT::emitBranch):
2828
2829 2013-01-24  Mark Hahnenberg  <mhahnenberg@apple.com>
2830
2831         Objective-C API: Rename JSValue.h/APIJSValue.h to JSCJSValue.h/JSValue.h
2832         https://bugs.webkit.org/show_bug.cgi?id=107327
2833
2834         Reviewed by Filip Pizlo.
2835
2836         We're renaming these two files, so we have to replace the names everywhere.
2837
2838         * API/APICast.h:
2839         * API/APIJSValue.h: Removed.
2840         * API/JSBlockAdaptor.mm:
2841         * API/JSStringRefCF.cpp:
2842         * API/JSValue.h: Copied from Source/JavaScriptCore/API/APIJSValue.h.
2843         * API/JSValue.mm:
2844         * API/JSValueInternal.h:
2845         * API/JSValueRef.cpp:
2846         * API/JSWeakObjectMapRefPrivate.cpp:
2847         * API/JavaScriptCore.h:
2848         * CMakeLists.txt:
2849         * GNUmakefile.list.am:
2850         * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
2851         * JavaScriptCore.xcodeproj/project.pbxproj:
2852         * Target.pri:
2853         * bytecode/CallLinkStatus.h:
2854         * bytecode/CodeBlock.cpp:
2855         * bytecode/MethodOfGettingAValueProfile.h:
2856         * bytecode/ResolveGlobalStatus.cpp:
2857         * bytecode/ResolveGlobalStatus.h:
2858         * bytecode/SpeculatedType.h:
2859         * bytecode/ValueRecovery.h:
2860         * dfg/DFGByteCodeParser.cpp:
2861         * dfg/DFGJITCompiler.cpp:
2862         * dfg/DFGNode.h:
2863         * dfg/DFGSpeculativeJIT.cpp:
2864         * dfg/DFGSpeculativeJIT64.cpp:
2865         * heap/CopiedBlock.h:
2866         * heap/HandleStack.cpp:
2867         * heap/HandleTypes.h:
2868         * heap/WeakImpl.h:
2869         * interpreter/Interpreter.h:
2870         * interpreter/Register.h:
2871         * interpreter/VMInspector.h:
2872         * jit/HostCallReturnValue.cpp:
2873         * jit/HostCallReturnValue.h:
2874         * jit/JITCode.h:
2875         * jit/JITExceptions.cpp:
2876         * jit/JITExceptions.h:
2877         * jit/JSInterfaceJIT.h:
2878         * llint/LLIntCLoop.h:
2879         * llint/LLIntData.h:
2880         * llint/LLIntSlowPaths.cpp:
2881         * profiler/ProfilerBytecode.h:
2882         * profiler/ProfilerBytecodeSequence.h:
2883         * profiler/ProfilerBytecodes.h:
2884         * profiler/ProfilerCompilation.h:
2885         * profiler/ProfilerCompiledBytecode.h:
2886         * profiler/ProfilerDatabase.h:
2887         * profiler/ProfilerOSRExit.h:
2888         * profiler/ProfilerOSRExitSite.h:
2889         * profiler/ProfilerOrigin.h:
2890         * profiler/ProfilerOriginStack.h:
2891         * runtime/ArgList.cpp:
2892         * runtime/CachedTranscendentalFunction.h:
2893         * runtime/CallData.h:
2894         * runtime/Completion.h:
2895         * runtime/ConstructData.h:
2896         * runtime/DateConstructor.cpp:
2897         * runtime/DateInstance.cpp:
2898         * runtime/DatePrototype.cpp:
2899         * runtime/JSAPIValueWrapper.h:
2900         * runtime/JSCJSValue.cpp: Copied from Source/JavaScriptCore/runtime/JSValue.cpp.
2901         * runtime/JSCJSValue.h: Copied from Source/JavaScriptCore/runtime/JSValue.h.
2902         (JSValue):
2903         * runtime/JSCJSValueInlines.h: Copied from Source/JavaScriptCore/runtime/JSValueInlines.h.
2904         * runtime/JSGlobalData.h:
2905         * runtime/JSGlobalObject.cpp:
2906         * runtime/JSGlobalObjectFunctions.h:
2907         * runtime/JSStringJoiner.h:
2908         * runtime/JSValue.cpp: Removed.
2909         * runtime/JSValue.h: Removed.
2910         * runtime/JSValueInlines.h: Removed.
2911         * runtime/LiteralParser.h:
2912         * runtime/Operations.h:
2913         * runtime/PropertyDescriptor.h:
2914         * runtime/PropertySlot.h:
2915         * runtime/Protect.h:
2916         * runtime/RegExpPrototype.cpp:
2917         * runtime/Structure.h:
2918
2919 2013-01-23  Oliver Hunt  <oliver@apple.com>
2920
2921         Harden JSC a bit with RELEASE_ASSERT
2922         https://bugs.webkit.org/show_bug.cgi?id=107766
2923
2924         Reviewed by Mark Hahnenberg.
2925
2926         Went through and replaced a pile of ASSERTs that were covering
2927         significantly important details (bounds checks, etc) where
2928         having the checks did not impact release performance in any
2929         measurable way.
2930
2931         * API/JSContextRef.cpp:
2932         (JSContextCreateBacktrace):
2933         * assembler/MacroAssembler.h:
2934         (JSC::MacroAssembler::branchAdd32):
2935         (JSC::MacroAssembler::branchMul32):
2936         * bytecode/CodeBlock.cpp:
2937         (JSC::CodeBlock::dumpBytecode):
2938         (JSC::CodeBlock::handlerForBytecodeOffset):
2939         (JSC::CodeBlock::lineNumberForBytecodeOffset):
2940         (JSC::CodeBlock::bytecodeOffset):
2941         * bytecode/CodeBlock.h:
2942         (JSC::CodeBlock::bytecodeOffsetForCallAtIndex):
2943         (JSC::CodeBlock::bytecodeOffset):
2944         (JSC::CodeBlock::exceptionHandler):
2945         (JSC::CodeBlock::codeOrigin):
2946         (JSC::CodeBlock::immediateSwitchJumpTable):
2947         (JSC::CodeBlock::characterSwitchJumpTable):
2948         (JSC::CodeBlock::stringSwitchJumpTable):
2949         (JSC::CodeBlock::setIdentifiers):
2950         (JSC::baselineCodeBlockForInlineCallFrame):
2951         (JSC::ExecState::uncheckedR):
2952         * bytecode/CodeOrigin.cpp:
2953         (JSC::CodeOrigin::inlineStack):
2954         * bytecode/CodeOrigin.h:
2955         (JSC::CodeOrigin::CodeOrigin):
2956         * dfg/DFGCSEPhase.cpp:
2957         * dfg/DFGOSRExit.cpp:
2958         * dfg/DFGScratchRegisterAllocator.h:
2959         (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
2960         (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
2961         * dfg/DFGSpeculativeJIT.h:
2962         (JSC::DFG::SpeculativeJIT::allocate):
2963         (JSC::DFG::SpeculativeJIT::spill):
2964         (JSC::DFG::SpeculativeJIT::integerResult):
2965         * dfg/DFGSpeculativeJIT64.cpp:
2966         (JSC::DFG::SpeculativeJIT::fillInteger):
2967         (JSC::DFG::SpeculativeJIT::fillDouble):
2968         (JSC::DFG::SpeculativeJIT::fillJSValue):
2969         (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
2970         (JSC::DFG::SpeculativeJIT::emitCall):
2971         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
2972         (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
2973         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
2974         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
2975         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
2976         (JSC::DFG::SpeculativeJIT::compile):
2977         * dfg/DFGValueSource.h:
2978         (JSC::DFG::dataFormatToValueSourceKind):
2979         (JSC::DFG::ValueSource::ValueSource):
2980         * dfg/DFGVirtualRegisterAllocationPhase.cpp:
2981         * heap/BlockAllocator.cpp:
2982         (JSC::BlockAllocator::BlockAllocator):
2983         (JSC::BlockAllocator::releaseFreeRegions):
2984         (JSC::BlockAllocator::blockFreeingThreadMain):
2985         * heap/Heap.cpp:
2986         (JSC::Heap::lastChanceToFinalize):
2987         (JSC::Heap::collect):
2988         * interpreter/Interpreter.cpp:
2989         (JSC::Interpreter::throwException):
2990         (JSC::Interpreter::execute):
2991         * jit/GCAwareJITStubRoutine.cpp:
2992         (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
2993         * jit/JIT.cpp:
2994         (JSC::JIT::privateCompileMainPass):
2995         (JSC::JIT::privateCompileSlowCases):
2996         * jit/JITExceptions.cpp:
2997         (JSC::genericThrow):
2998         * jit/JITInlines.h:
2999         (JSC::JIT::emitLoad):
3000         * jit/JITOpcodes.cpp:
3001         (JSC::JIT::emit_op_end):
3002         (JSC::JIT::emit_resolve_operations):
3003         * jit/JITStubRoutine.cpp:
3004         (JSC::JITStubRoutine::observeZeroRefCount):
3005         * jit/JITStubs.cpp:
3006         (JSC::returnToThrowTrampoline):
3007         * runtime/Arguments.cpp:
3008         (JSC::Arguments::getOwnPropertySlot):
3009         (JSC::Arguments::getOwnPropertyDescriptor):
3010         (JSC::Arguments::deleteProperty):
3011         (JSC::Arguments::defineOwnProperty):
3012         (JSC::Arguments::didTearOffActivation):
3013         * runtime/ArrayPrototype.cpp:
3014         (JSC::shift):
3015         (JSC::unshift):
3016         (JSC::arrayProtoFuncLastIndexOf):
3017         * runtime/ButterflyInlines.h:
3018         (JSC::Butterfly::growPropertyStorage):
3019         * runtime/CodeCache.cpp:
3020         (JSC::CodeCache::getFunctionExecutableFromGlobalCode):
3021         * runtime/CodeCache.h:
3022         (JSC::CacheMap::add):
3023         * runtime/Completion.cpp:
3024         (JSC::checkSyntax):
3025         (JSC::evaluate):
3026         * runtime/Executable.cpp:
3027         (JSC::FunctionExecutable::FunctionExecutable):
3028         (JSC::EvalExecutable::unlinkCalls):
3029         (JSC::ProgramExecutable::compileOptimized):
3030         (JSC::ProgramExecutable::unlinkCalls):
3031         (JSC::ProgramExecutable::initializeGlobalProperties):
3032         (JSC::FunctionExecutable::baselineCodeBlockFor):
3033         (JSC::FunctionExecutable::compileOptimizedForCall):
3034         (JSC::FunctionExecutable::compileOptimizedForConstruct):
3035         (JSC::FunctionExecutable::compileForCallInternal):
3036         (JSC::FunctionExecutable::compileForConstructInternal):
3037         (JSC::FunctionExecutable::unlinkCalls):
3038         (JSC::NativeExecutable::hashFor):
3039         * runtime/Executable.h:
3040         (JSC::EvalExecutable::compile):
3041         (JSC::ProgramExecutable::compile):
3042         (JSC::FunctionExecutable::compileForCall):
3043         (JSC::FunctionExecutable::compileForConstruct):
3044         * runtime/IndexingHeader.h:
3045         (JSC::IndexingHeader::setVectorLength):
3046         * runtime/JSArray.cpp:
3047         (JSC::JSArray::pop):
3048         (JSC::JSArray::shiftCountWithArrayStorage):
3049         (JSC::JSArray::shiftCountWithAnyIndexingType):
3050         (JSC::JSArray::unshiftCountWithArrayStorage):
3051         * runtime/JSGlobalObjectFunctions.cpp:
3052         (JSC::jsStrDecimalLiteral):
3053         * runtime/JSObject.cpp:
3054         (JSC::JSObject::copyButterfly):
3055         (JSC::JSObject::defineOwnIndexedProperty):
3056         (JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
3057         * runtime/JSString.cpp:
3058         (JSC::JSRopeString::getIndexSlowCase):
3059         * yarr/YarrInterpreter.cpp:
3060         (JSC::Yarr::Interpreter::popParenthesesDisjunctionContext):
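
The contrast this entry (and the later 2013-01-23 "Replace numerous manual CRASH's" entry) relies on, as an added example that is not WebKit code: a minimal model of the ASSERT / RELEASE_ASSERT / CRASH contract around a bounds-checked accessor. The `RegisterFile` type, the replaceable crash hook and the helper functions are hypothetical; WebKit's real `CRASH()` terminates the process rather than throwing.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for WTF's crash machinery: a replaceable hook so the
// failure path can be exercised in-process. The default mirrors CRASH(): abort.
using CrashHook = void (*)(const char* expr, const char* file, int line);

[[noreturn]] static void abortingCrash(const char* expr, const char* file, int line)
{
    std::fprintf(stderr, "RELEASE_ASSERT failed: %s (%s:%d)\n", expr, file, line);
    std::abort();
}

static CrashHook g_crashHook = abortingCrash;

// Always compiled in, regardless of NDEBUG: the property that makes a bounds
// check worth anything in a shipping build.
#define RELEASE_ASSERT(cond) \
    do { if (!(cond)) g_crashHook(#cond, __FILE__, __LINE__); } while (0)

// Debug-only: in a release build this expands to nothing, so whatever it
// guarded simply disappears from the binary.
#ifdef NDEBUG
#define ASSERT(cond) ((void)0)
#else
#define ASSERT(cond) RELEASE_ASSERT(cond)
#endif

// A fixed-size indexed container standing in for the accessors the entry
// lists (CodeBlock::codeOrigin, ExecState::uncheckedR, JSArray::pop, ...).
class RegisterFile {
public:
    explicit RegisterFile(std::vector<int> slots) : m_slots(std::move(slots)) { }

    // Before: the bounds check exists only in debug builds. In a release build
    // an out-of-range index reads whatever lies past the end of the buffer.
    int debugCheckedAt(size_t index) const
    {
        ASSERT(index < m_slots.size());
        return m_slots[index];
    }

    // After: the same check survives into release builds, so an out-of-range
    // index stops the process instead of reading adjacent memory.
    int releaseCheckedAt(size_t index) const
    {
        RELEASE_ASSERT(index < m_slots.size());
        return m_slots[index];
    }

    // The mechanical rewrite from the "manual CRASH" entry:
    //   if (index >= size) CRASH();   ==>   RELEASE_ASSERT(!(index >= size));
    // Same behaviour; the macro form additionally records the failed expression.
    int setAt(size_t index, int value)
    {
        RELEASE_ASSERT(!(index >= m_slots.size()));
        m_slots[index] = value;
        return value;
    }

private:
    std::vector<int> m_slots;
};

// Exercising the failure path in-process: swap in a throwing hook and count
// how many of the given indices trip the release-mode bounds check.
struct ReleaseAssertFailure { std::string expression; };

[[noreturn]] static void throwingCrash(const char* expr, const char*, int)
{
    throw ReleaseAssertFailure{expr};
}

int countTrappedAccesses(const RegisterFile& file, const std::vector<size_t>& indices)
{
    CrashHook saved = g_crashHook;
    g_crashHook = throwingCrash;
    int trapped = 0;
    for (size_t index : indices) {
        try {
            (void)file.releaseCheckedAt(index);
        } catch (const ReleaseAssertFailure&) {
            ++trapped;
        }
    }
    g_crashHook = saved;
    return trapped;
}

// Whether debug-only ASSERTs are active in this build; under NDEBUG the answer
// is false, which is why the entry promoted the important ones.
bool debugAssertsEnabled()
{
#ifdef NDEBUG
    return false;
#else
    return true;
#endif
}

int main()
{
    RegisterFile file({10, 20, 30});  // constructed sample data
    std::printf("debug ASSERTs active: %s\n", debugAssertsEnabled() ? "yes" : "no");
    std::printf("trapped out-of-range reads: %d\n", countTrappedAccesses(file, {0, 3, 100}));
    return 0;
}
```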
3061
3062 2013-01-23  Filip Pizlo  <fpizlo@apple.com>
3063
3064         Constant folding an access to an uncaptured variable that is captured later in the same basic block shouldn't lead to assertion failures
3065         https://bugs.webkit.org/show_bug.cgi?id=107750
3066         <rdar://problem/12387265>
3067
3068         Reviewed by Mark Hahnenberg.
3069         
3070         The point of this assertion was that if there is no variable capturing going on, then there should only be one GetLocal
3071         for the variable anywhere in the basic block. But if there is some capturing, then we'll have an unbounded number of
3072         GetLocals. The assertion was too imprecise for the latter case. I want to keep this assertion, so I introduced a
3073         checker that verifies this precisely: if there are any captured accesses to the variable anywhere at or after the
3074         GetLocal we are eliminating, then we allow redundant GetLocals.
3075
3076         * dfg/DFGConstantFoldingPhase.cpp:
3077         (JSC::DFG::ConstantFoldingPhase::foldConstants):
3078         (ConstantFoldingPhase):
3079         (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
3080
3081 2013-01-23  Oliver Hunt  <oliver@apple.com>
3082
3083         Replace ASSERT_NOT_REACHED with RELEASE_ASSERT_NOT_REACHED in JSC
3084         https://bugs.webkit.org/show_bug.cgi?id=107736
3085
3086         Reviewed by Mark Hahnenberg.
3087
3088         Mechanical change with no performance impact.
3089
3090         * API/JSBlockAdaptor.mm:
3091         (BlockArgumentTypeDelegate::typeVoid):
3092         * API/JSCallbackObjectFunctions.h:
3093         (JSC::::construct):
3094         (JSC::::call):
3095         * API/JSScriptRef.cpp:
3096         * API/ObjCCallbackFunction.mm:
3097         (ArgumentTypeDelegate::typeVoid):
3098         * assembler/ARMv7Assembler.h:
3099         (JSC::ARMv7Assembler::link):
3100         (JSC::ARMv7Assembler::replaceWithLoad):
3101         (JSC::ARMv7Assembler::replaceWithAddressComputation):
3102         * assembler/MacroAssembler.h:
3103         (JSC::MacroAssembler::invert):
3104         * assembler/MacroAssemblerARM.h:
3105         (JSC::MacroAssemblerARM::countLeadingZeros32):
3106         (JSC::MacroAssemblerARM::divDouble):
3107         * assembler/MacroAssemblerMIPS.h:
3108         (JSC::MacroAssemblerMIPS::absDouble):
3109         (JSC::MacroAssemblerMIPS::replaceWithJump):
3110         (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
3111         * assembler/MacroAssemblerSH4.h:
3112         (JSC::MacroAssemblerSH4::absDouble):
3113         (JSC::MacroAssemblerSH4::replaceWithJump):
3114         (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
3115         * assembler/SH4Assembler.h:
3116         (JSC::SH4Assembler::shllImm8r):
3117         (JSC::SH4Assembler::shlrImm8r):
3118         (JSC::SH4Assembler::cmplRegReg):
3119         (JSC::SH4Assembler::branch):
3120         * assembler/X86Assembler.h:
3121         (JSC::X86Assembler::replaceWithLoad):
3122         (JSC::X86Assembler::replaceWithAddressComputation):
3123         * bytecode/CallLinkInfo.cpp:
3124         (JSC::CallLinkInfo::unlink):
3125         * bytecode/CodeBlock.cpp:
3126         (JSC::debugHookName):
3127         (JSC::CodeBlock::printGetByIdOp):
3128         (JSC::CodeBlock::printGetByIdCacheStatus):
3129         (JSC::CodeBlock::visitAggregate):
3130         (JSC::CodeBlock::finalizeUnconditionally):
3131         (JSC::CodeBlock::usesOpcode):
3132         * bytecode/DataFormat.h:
3133         (JSC::needDataFormatConversion):
3134         * bytecode/ExitKind.cpp:
3135         (JSC::exitKindToString):
3136         (JSC::exitKindIsCountable):
3137         * bytecode/MethodOfGettingAValueProfile.cpp:
3138         (JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
3139         * bytecode/Opcode.h:
3140         (JSC::opcodeLength):
3141         * bytecode/PolymorphicPutByIdList.cpp:
3142         (JSC::PutByIdAccess::fromStructureStubInfo):
3143         (JSC::PutByIdAccess::visitWeak):
3144         * bytecode/StructureStubInfo.cpp:
3145         (JSC::StructureStubInfo::deref):
3146         * bytecompiler/BytecodeGenerator.cpp:
3147         (JSC::ResolveResult::checkValidity):
3148         (JSC::BytecodeGenerator::emitGetLocalVar):
3149         (JSC::BytecodeGenerator::beginSwitch):
3150         * bytecompiler/NodesCodegen.cpp:
3151         (JSC::BinaryOpNode::emitBytecode):
3152         (JSC::emitReadModifyAssignment):
3153         * dfg/DFGAbstractState.cpp:
3154         (JSC::DFG::AbstractState::execute):
3155         (JSC::DFG::AbstractState::mergeStateAtTail):
3156         (JSC::DFG::AbstractState::mergeToSuccessors):
3157         * dfg/DFGByteCodeParser.cpp:
3158         (JSC::DFG::ByteCodeParser::makeSafe):
3159         (JSC::DFG::ByteCodeParser::parseBlock):
3160         * dfg/DFGCFGSimplificationPhase.cpp:
3161         (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
3162         (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
3163         * dfg/DFGCSEPhase.cpp:
3164         (JSC::DFG::CSEPhase::setLocalStoreElimination):
3165         * dfg/DFGCapabilities.cpp:
3166         (JSC::DFG::canHandleOpcodes):
3167         * dfg/DFGCommon.h:
3168         (JSC::DFG::useKindToString):
3169         * dfg/DFGDoubleFormatState.h:
3170         (JSC::DFG::mergeDoubleFormatStates):
3171         (JSC::DFG::doubleFormatStateToString):
3172         * dfg/DFGFixupPhase.cpp:
3173         (JSC::DFG::FixupPhase::blessArrayOperation):
3174         * dfg/DFGGraph.h:
3175         (JSC::DFG::Graph::clobbersWorld):
3176         * dfg/DFGNode.h:
3177         (JSC::DFG::Node::valueOfJSConstant):
3178         (JSC::DFG::Node::successor):
3179         * dfg/DFGNodeFlags.cpp:
3180         (JSC::DFG::nodeFlagsAsString):
3181         * dfg/DFGNodeType.h:
3182         (JSC::DFG::defaultFlags):
3183         * dfg/DFGRepatch.h:
3184         (JSC::DFG::dfgResetGetByID):
3185         (JSC::DFG::dfgResetPutByID):
3186         * dfg/DFGSlowPathGenerator.h:
3187         (JSC::DFG::SlowPathGenerator::call):
3188         * dfg/DFGSpeculativeJIT.cpp:
3189         (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
3190         (JSC::DFG::SpeculativeJIT::silentSpill):
3191         (JSC::DFG::SpeculativeJIT::silentFill):
3192         (JSC::DFG::SpeculativeJIT::checkArray):
3193         (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
3194         (JSC::DFG::SpeculativeJIT::compileValueToInt32):
3195         (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
3196         (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
3197         * dfg/DFGSpeculativeJIT.h:
3198         (JSC::DFG::SpeculativeJIT::bitOp):
3199         (JSC::DFG::SpeculativeJIT::shiftOp):
3200         (JSC::DFG::SpeculativeJIT::integerResult):
3201         * dfg/DFGSpeculativeJIT32_64.cpp:
3202         (JSC::DFG::SpeculativeJIT::fillInteger):
3203         (JSC::DFG::SpeculativeJIT::fillDouble):
3204         (JSC::DFG::SpeculativeJIT::fillJSValue):
3205         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3206         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3207         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3208         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3209         (JSC::DFG::SpeculativeJIT::compile):
3210         * dfg/DFGSpeculativeJIT64.cpp:
3211         (JSC::DFG::SpeculativeJIT::fillInteger):
3212         (JSC::DFG::SpeculativeJIT::fillDouble):
3213         (JSC::DFG::SpeculativeJIT::fillJSValue):
3214         (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
3215         (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
3216         (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
3217         (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
3218         (JSC::DFG::SpeculativeJIT::compile):
3219         * dfg/DFGStructureCheckHoistingPhase.cpp:
3220         (JSC::DFG::StructureCheckHoistingPhase::run):
3221         * dfg/DFGValueSource.h:
3222         (JSC::DFG::ValueSource::valueRecovery):
3223         * dfg/DFGVariableEvent.cpp:
3224         (JSC::DFG::VariableEvent::dump):
3225         * dfg/DFGVariableEventStream.cpp:
3226         (JSC::DFG::VariableEventStream::reconstruct):
3227         * heap/BlockAllocator.h:
3228         (JSC::BlockAllocator::regionSetFor):
3229         * heap/GCThread.cpp:
3230         (JSC::GCThread::gcThreadMain):
3231         * heap/MarkedBlock.cpp:
3232         (JSC::MarkedBlock::sweepHelper):
3233         * heap/MarkedBlock.h:
3234         (JSC::MarkedBlock::isLive):
3235         * interpreter/CallFrame.h:
3236         (JSC::ExecState::inlineCallFrame):
3237         * interpreter/Interpreter.cpp:
3238         (JSC::getCallerInfo):
3239         (JSC::getStackFrameCodeType):
3240         (JSC::Interpreter::execute):
3241         * jit/ExecutableAllocatorFixedVMPool.cpp:
3242         (JSC::FixedVMPoolExecutableAllocator::notifyPageIsFree):
3243         * jit/JIT.cpp:
3244         (JSC::JIT::privateCompileMainPass):
3245         (JSC::JIT::privateCompileSlowCases):
3246         (JSC::JIT::privateCompile):
3247         * jit/JITArithmetic.cpp:
3248         (JSC::JIT::emitSlow_op_mod):
3249         * jit/JITArithmetic32_64.cpp:
3250         (JSC::JIT::emitBinaryDoubleOp):
3251         (JSC::JIT::emitSlow_op_mod):
3252         * jit/JITPropertyAccess.cpp:
3253         (JSC::JIT::isDirectPutById):
3254         * jit/JITStubs.cpp:
3255         (JSC::getPolymorphicAccessStructureListSlot):
3256         (JSC::DEFINE_STUB_FUNCTION):
3257         * llint/LLIntSlowPaths.cpp:
3258         (JSC::LLInt::jitCompileAndSetHeuristics):
3259         * parser/Lexer.cpp:
3260         (JSC::::lex):
3261         * parser/Nodes.h:
3262         (JSC::ExpressionNode::emitBytecodeInConditionContext):
3263         * parser/Parser.h:
3264         (JSC::Parser::getTokenName):
3265         (JSC::Parser::updateErrorMessageSpecialCase):
3266         * parser/SyntaxChecker.h:
3267         (JSC::SyntaxChecker::operatorStackPop):
3268         * runtime/Arguments.cpp:
3269         (JSC::Arguments::tearOffForInlineCallFrame):
3270         * runtime/DatePrototype.cpp:
3271         (JSC::formatLocaleDate):
3272         * runtime/Executable.cpp:
3273         (JSC::samplingDescription):
3274         * runtime/Executable.h:
3275         (JSC::ScriptExecutable::unlinkCalls):
3276         * runtime/Identifier.cpp:
3277         (JSC):
3278         * runtime/InternalFunction.cpp:
3279         (JSC::InternalFunction::getCallData):
3280         * runtime/JSArray.cpp:
3281         (JSC::JSArray::push):
3282         (JSC::JSArray::sort):
3283         * runtime/JSCell.cpp:
3284         (JSC::JSCell::defaultValue):
3285         (JSC::JSCell::getOwnPropertyNames):
3286         (JSC::JSCell::getOwnNonIndexPropertyNames):
3287         (JSC::JSCell::className):
3288         (JSC::JSCell::getPropertyNames):
3289         (JSC::JSCell::customHasInstance):
3290         (JSC::JSCell::putDirectVirtual):
3291         (JSC::JSCell::defineOwnProperty):
3292         (JSC::JSCell::getOwnPropertyDescriptor):
3293         * runtime/JSCell.h:
3294         (JSCell):
3295         * runtime/JSNameScope.cpp:
3296         (JSC::JSNameScope::put):
3297         * runtime/JSObject.cpp:
3298         (JSC::JSObject::getOwnPropertySlotByIndex):
3299         (JSC::JSObject::putByIndex):
3300         (JSC::JSObject::ensureArrayStorageSlow):
3301         (JSC::JSObject::deletePropertyByIndex):
3302         (JSC::JSObject::getOwnPropertyNames):
3303         (JSC::JSObject::putByIndexBeyondVectorLength):
3304         (JSC::JSObject::putDirectIndexBeyondVectorLength):
3305         (JSC::JSObject::getOwnPropertyDescriptor):
3306         * runtime/JSObject.h:
3307         (JSC::JSObject::canGetIndexQuickly):
3308         (JSC::JSObject::getIndexQuickly):
3309         (JSC::JSObject::tryGetIndexQuickly):
3310         (JSC::JSObject::canSetIndexQuickly):
3311         (JSC::JSObject::canSetIndexQuicklyForPutDirect):
3312         (JSC::JSObject::setIndexQuickly):
3313         (JSC::JSObject::initializeIndex):
3314         (JSC::JSObject::hasSparseMap):
3315         (JSC::JSObject::inSparseIndexingMode):
3316         * runtime/JSScope.cpp:
3317         (JSC::JSScope::isDynamicScope):
3318         * runtime/JSSymbolTableObject.cpp:
3319         (JSC::JSSymbolTableObject::putDirectVirtual):
3320         * runtime/JSSymbolTableObject.h:
3321         (JSSymbolTableObject):
3322         * runtime/LiteralParser.cpp:
3323         (JSC::::parse):
3324         * runtime/RegExp.cpp:
3325         (JSC::RegExp::compile):
3326         (JSC::RegExp::compileMatchOnly):
3327         * runtime/StructureTransitionTable.h:
3328         (JSC::newIndexingType):
3329         * tools/CodeProfile.cpp:
3330         (JSC::CodeProfile::sample):
3331         * yarr/YarrCanonicalizeUCS2.h:
3332         (JSC::Yarr::getCanonicalPair):
3333         (JSC::Yarr::areCanonicallyEquivalent):
3334         * yarr/YarrInterpreter.cpp:
3335         (JSC::Yarr::Interpreter::matchCharacterClass):
3336         (JSC::Yarr::Interpreter::matchBackReference):
3337         (JSC::Yarr::Interpreter::backtrackParenthesesTerminalEnd):
3338         (JSC::Yarr::Interpreter::matchParentheses):
3339         (JSC::Yarr::Interpreter::backtrackParentheses):
3340         (JSC::Yarr::Interpreter::matchDisjunction):
3341         * yarr/YarrJIT.cpp:
3342         (JSC::Yarr::YarrGenerator::generateTerm):
3343         (JSC::Yarr::YarrGenerator::backtrackTerm):
3344         * yarr/YarrParser.h:
3345         (JSC::Yarr::Parser::CharacterClassParserDelegate::assertionWordBoundary):
3346         (JSC::Yarr::Parser::CharacterClassParserDelegate::atomBackReference):
3347         * yarr/YarrPattern.cpp:
3348         (JSC::Yarr::YarrPatternConstructor::atomCharacterClassBuiltIn):
3349
3350 2013-01-23  Tony Chang  <tony@chromium.org>
3351
3352         Unreviewed, set svn:eol-style to CRLF on Windows .sln files.
3353
3354         * JavaScriptCore.vcproj/JavaScriptCore.sln: Modified property svn:eol-style.
3355         * JavaScriptCore.vcproj/JavaScriptCoreSubmit.sln: Modified property svn:eol-style.
3356
3357 2013-01-23  Oliver Hunt  <oliver@apple.com>
3358
3359         Replace numerous manual CRASH's in JSC with RELEASE_ASSERT
3360         https://bugs.webkit.org/show_bug.cgi?id=107726
3361
3362         Reviewed by Filip Pizlo.
3363
3364         Fairly manual change from if (foo) CRASH(); to RELEASE_ASSERT(!foo);
3365
3366         * assembler/MacroAssembler.h:
3367         (JSC::MacroAssembler::branchAdd32):
3368         (JSC::MacroAssembler::branchMul32):
3369         * bytecode/CodeBlockHash.cpp:
3370         (JSC::CodeBlockHash::CodeBlockHash):
3371         * heap/BlockAllocator.h:
3372         (JSC::Region::create):
3373         (JSC::Region::createCustomSize):
3374         * heap/GCAssertions.h:
3375         * heap/HandleSet.cpp:
3376         (JSC::HandleSet::visitStrongHandles):
3377         (JSC::HandleSet::writeBarrier):
3378         * heap/HandleSet.h:
3379         (JSC::HandleSet::allocate):
3380         * heap/Heap.cpp:
3381         (JSC::Heap::collect):
3382         * heap/SlotVisitor.cpp:
3383         (JSC::SlotVisitor::validate):
3384         * interpreter/Interpreter.cpp:
3385         (JSC::Interpreter::execute):
3386         * jit/ExecutableAllocator.cpp: